System Network Configuring the explicit web proxy
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 211
http://docs.fortinet.com/ • Feedback
To enable the explicit web proxy on one or more interfaces
To use the explicit web proxy, users must add a proxy server to their web browser
configuration. The IP address of the proxy server would be the IP address of the FortiGate
interface connected to their network (if the FortiGate unit is operating in NAT mode) or the
management IP address (if the FortiGate unit is operating in transparent mode). The port
number of the proxy server would be the same as the Explicit web proxy Port configured
step 6 below.
1 Go to System > Network > Interface.
2 Select an interface to enable the explicit web proxy for.
3 Select Enable explicit web proxy, and save the changes.
4 Repeat to enable the explicit web proxy on all of the interfaces that users will connect
to when web browsing.
When you go to System > Network > Web Proxy, under Explicit web proxy you will see
the interfaces that you enabled.
Proxy FQDN Enter the fully qualified domain name (FQDN) for the proxy server.
This is the domain name to enter into browsers to access the proxy
server.
Max HTTP request length Enter the maximum length of an HTTP request. Larger requests
will be rejected.
Max HTTP message length Enter the maximum length of an HTTP message. Larger messages
will be rejected.
Add headers to Forwarded
Requests
The web proxy server will forward HTTP requests to the internal
network. You can include the following headers in those requests:
Client IP Header Enable to include the Client IP Header from the original HTTP
request.
Via Header Enable to include the Via Header from the original HTTP request.
X-forwarded-for Header Enable to include the X-Forwarded-For (XFF) HTTP header.
The XFF HTTP header identifies the originating IP address of a
web client or browser that is connecting through an HTTP proxy,
and the remote addresses it passed through to this point.
Front-end HTTPS Header Enable to include the Front-end HTTP Header from the original
HTTPS request.
Explicit Web Proxy Options Web proxies can be transparent or explicit. Transparent web proxy
does not modify the web traffic in any way, but just forwards it to the
destination. Explicit web proxy can modify web traffic to provide
extra services and administration.
Explicit web proxy is configured with the following options.
Enable Explicit Web
Proxy
Enable the explicit web proxy.
Port Enter the explicit web proxy server port. To use the explicit proxy,
users must add this port to their web browser proxy configuration.
Listen on Interfaces Displays the interfaces that are being monitored by the explicit web
proxy server.
Unknown HTTP version Select the action to take when the proxy server must handle an
unknown HTTP version request or message. Choose from either
Reject or Best Effort. The Reject option is more secure.
Note: Only interfaces that have explicit web proxy enabled and are in the current VDOM
will be displayed. If an interface has a VLAN subinterface configured, it must be enabled
separately for explicit web proxy. Enabled interfaces will be displayed independent of
explicit web proxy being enabled or not on the Web Proxy screen.
To Next Page
Loading...
Need help?
General
