Controls the visibility of the Proxy Settings > Explicit Proxy menu, which allows you to enable an HTTP, HTTPS, or FTP proxy for your network and add the proxy to one or more FortiProxy interfaces. Users on your network must configure their browsers to use the proxy. Create policies to control access to the proxy and apply UTM and other features to proxy traffic.

Controls the visibility of the Content Analyses > ICAP Profile, Content Analyses > ICAP Remote Servers, and Content Analyses > ICAP Local Servers pages, which allow you to offload services to an external server. These services can include: ad insertion, virus scanning, content and language translation, HTTP header or URL manipulation, and content filtering. You can also use this feature to set up profiles and add them to security policies.

Controls the visibility of the following IPv6 features in the GUI: network interface addresses, trusted hosts for administration, static routes, policy routes, and firewall addresses.

Controls the visibility of the VPN menu, which allow you to create secure communication channels between networks and allows remote users to safely connect to secure private networks using IPsec VPN and FortiClient.

Controls the visibility of the WAN Optimization and Web Cache menus.

The WAN Optimization menu allows you to add WAN optimization to improve traffic performance and efficiency as it crosses the WAN.

The Web Cache menu allows you to cache web pages from any web server. All traffic between a client network and one or more web servers is then intercepted by a web cache policy. This policy causes the FortiProxy unit to cache pages from the web servers on the FortiProxy unit and makes the cached pages available to users on the client network. Web caching can be configured for standard and reverse web caching.

Controls the visibility of the Policy & Objects > ZTNA menu, which allows you to uses client device identification, authentication, and Zero Trust tags to provide role-based application access. It gives administrators the flexibility to manage network access for On-net local users and Off-net remote users. Access to applications is granted only after device verification, authenticating the user’s identity, authorizing the user, and then performing context based posture checks using Zero Trust tags.

Controls the visibility of the Security Profiles > AntiVirus menu, which allows you to remove viruses, analyze suspicious files with FortiSandbox, and apply botnet protection to network traffic. Set up antivirus profiles and add them to policies. This feature requires a subscription to FortiGuard AntiVirus.

Controls the visibility of the Security Profiles > Application Control menu, which allows you to visualize and control the applications on your network. Set up application sensors and add them to policies. This feature requires a subscription to Application Control Signatures.

Controls the visibility of the Security Profiles > DNS Filter men, which allows you to apply DNS category filtering, URL filtering to control a userʼs access to web resources. Set up DNS filter profiles and add them to policies or add them to a DNS server on a FortiProxy interface. Some features require a subscription to FortiGuard Web Filtering.

Allows access block for endpoints (PCs, iOS devices, Android devices) through the FortiProxy unit unless they meet security requirements. Enforces the use of FortiClient on the endpoints. Sends non-compliant endpoints to the FortiClient download portal to install the latest version. Setup Endpoint Control on FortiClient EMS. Requires FortiClient licenses.

Controls the visibility of the Security Profiles > File Filter menu, which allows you to block files passing through based on file type based on the file's metadata only and not on file size or file content. A DLP profile must be configured to block files based on size or content, such as SSN numbers, credit card numbers, or regular expression pattern. The file filter can be applied directly to policies.

Controls the visibility of the Security Profiles > Intrusion Prevention menu, which allows you to detect and block network-based attacks. You can set up IPS sensors and add them to policies. This feature requires a subscription to FortiGuard IPS.

Controls the visibility of the Security Profiles > Video Filter menu, which allows you to apply video filter rules to policies to control user's access to videos from different sources.

Controls the visibility of the Security Profiles > Web Filter menu, which allows you to apply web category filtering, URL filtering, and content filtering to control user's access to web resources. You can set up web filter profiles and add them to policies. Some features require a subscription to FortiGuard Web Filtering.

Relaxes the requirement for every policy to have a name when created in GUI.

Controls the visibility of the System > Certificates menu where you can manage the certificates used for SSL inspection, SSL load balancing, IPsec VPN, and authentication. If certificates are not turned on, default FortiProxy certificates are used for these functions.

Controls the visibility of the Network > DNS Service menu, which allows you to set up the FortiProxy unit as the DNS server for your network. You can add local DNS entries to the DNS database and forward other DNS lookups to external DNS servers.

An alternative way to set up a DNS server is to set up DNS Filter Profiles (under Security Profiles > DNS Filter) and add them to DNS Server on a FortiProxy interface.

Firewall policy lists end with an implicit policy that denies all traffic. Enable this feature to see these policies on firewall policy lists in the GUI. You can edit an implicit policy and enable logging to record log messages when the implicit policy denies a session.

Allows the configuration of policies with multiple source/destination interfaces. See Create or edit a policy.

Controls the visibility of advanced options when you create a policy in the GUI, such as the Negate Destination option. See Create or edit a policy.

Controls the visibility of the Policy Disclaimer option, which allows the user to enable a disclaimer on an allow policy, or a block notification on a deny policy. See Create or edit a policy.

Controls the visibility of the System > Replacement Message Groups menu.

Controls the visibility of the Log & Report > Log Settings > Threat Weight tab, which includes the Threats option for FortiView and shows UTM events sorted using a weighted severity system.