Fortinet black logo

Release Notes

Home FortiProxy 7.4.0 Release Notes
7.4.0
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.17
7.0.16
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.2.13
1.2.12
1.2.11
1.2.10
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0

HTTPS download of PAC files for explicit proxy

HTTPS download of PAC files for explicit proxy

Proxy auto-config (PAC) files can be downloaded for an explicit proxy through the FortiProxy's captive portal using HTTPS to ensure a secure download.

Example

In this example, a Windows PC has an HTTPS URL configured in its proxy settings to download a PAC file from a FortiProxy by using a download link, https://cp.myqalab.local:7831/proxy.pac, through a captive portal. Once the PAC file is securely downloaded using HTTPS, browsers installed on the PC can use the proxy in the PAC file to visit a website.

The global web proxy settings must be configured to use a customized SSL certificate because the default Fortinet_Factory certificate will not be accepted by Windows due to security restrictions. The customized SSL certificate is used as the HTTPS server's certificate on the FortiProxy. All CA certificates in the server certificate must be installed and trusted on the Windows PC.

To download a PAC file using HTTPS:

  1. Configure the explicit web proxy to get a PAC file through HTTPS:

    config web-proxy explicit
    set pac-file-server-status enable
    unset pac-file-server-port
    set pac-file-name "proxy.pac"
    set pac-file-data "function FindProxyForURL(url, host) {
   // testtest
   return \"PROXY 10.1.100.1:8080\";
}
"
    set pac-file-through-https enable
end

  2. Configure the captive portal to be used as an HTTPS server to provide the service to download the PAC file:

    config authentication setting
    set captive-portal-type ip
    set captive-portal-ip 10.1.100.1
    set captive-portal-ssl-port 7831
end

  3. Configure the global web proxy settings to use a customized SSL certificate:

    config web-proxy global
    set ssl-cert "server_cert"
end

  4. On the Windows PC, go to Settings > Network & Internet > Proxy.

  5. In the Automatic proxy setup section, click Save to trigger the PAC file download from the HTTPS URL.

Previous
Next

HTTPS download of PAC files for explicit proxy

Proxy auto-config (PAC) files can be downloaded for an explicit proxy through the FortiProxy's captive portal using HTTPS to ensure a secure download.

Example

In this example, a Windows PC has an HTTPS URL configured in its proxy settings to download a PAC file from a FortiProxy by using a download link, https://cp.myqalab.local:7831/proxy.pac, through a captive portal. Once the PAC file is securely downloaded using HTTPS, browsers installed on the PC can use the proxy in the PAC file to visit a website.

The global web proxy settings must be configured to use a customized SSL certificate because the default Fortinet_Factory certificate will not be accepted by Windows due to security restrictions. The customized SSL certificate is used as the HTTPS server's certificate on the FortiProxy. All CA certificates in the server certificate must be installed and trusted on the Windows PC.

To download a PAC file using HTTPS:

  1. Configure the explicit web proxy to get a PAC file through HTTPS:

    config web-proxy explicit
    set pac-file-server-status enable
    unset pac-file-server-port
    set pac-file-name "proxy.pac"
    set pac-file-data "function FindProxyForURL(url, host) {
   // testtest
   return \"PROXY 10.1.100.1:8080\";
}
"
    set pac-file-through-https enable
end

  2. Configure the captive portal to be used as an HTTPS server to provide the service to download the PAC file:

    config authentication setting
    set captive-portal-type ip
    set captive-portal-ip 10.1.100.1
    set captive-portal-ssl-port 7831
end

  3. Configure the global web proxy settings to use a customized SSL certificate:

    config web-proxy global
    set ssl-cert "server_cert"
end

  4. On the Windows PC, go to Settings > Network & Internet > Proxy.

  5. In the Automatic proxy setup section, click Save to trigger the PAC file download from the HTTPS URL.

Previous
Next