Web Proxy
System Network
FortiGate Version 4.0 Administration Guide
148
01-400-89802-20090424
To enable the explicit web proxy on one or more interfaces
To use the explicit web proxy, users must add a proxy server to their web browser
configuration. The IP address of the proxy server would be the IP address of the FortiGate
interface connected to their network (if the FortiGate unit is operating in NAT mode) or the
management IP address (if the FortiGate unit is operating in transparent mode). The port
number of the proxy server would be the same as the Explicit web proxy Port configured
step
below.
1
Go to
System > Network > Interface
.
2
Select an interface to enable the explicit web proxy for.
3
Select
Enable explicit web proxy
, and save the changes.
4
Repeat to enable the explicit web proxy on all of the interfaces that users will connect
to when web browsing.
When you go to
System > Network > Web Proxy
, under
Explicit web proxy
you will see
the interfaces that you enabled.
5
Go to
System > Network > Web Proxy
and select
Enable Explicit Proxy
.
6
Enter a Port number for the explicit proxy.
For example, 8888.
7
Select Apply to save your changes.
Max HTTP message length
Enter the maximum length of an HTTP message. Larger messages
will be rejected.
Add headers to Forwarded
Requests
The web proxy server will forward HTTP requests to the internal
network. You can include the following headers in those requests:
Client IP Header
Enable to include the Client IP Header from the original HTTP
request.
Via Header
Enable to include the Via Header from the original HTTP request.
X-forwarded-for Header
Enable to include the X-Forwarded-For (XFF) HTTP header.
The XFF HTTP header identifies the originating IP address of a
web client or browser that is connecting through an HTTP proxy,
and the remote addresses it passed through to this point.
Front-end HTTPS Header
Enable to include the Front-end HTTP Header from the original
HTTPS request.
Explicit Web Proxy Options
Web proxies can be transparent or explicit. Transparent web proxy
does not modify the web traffic in any way, but just forwards it to the
destination. Explicit web proxy can modify web traffic to provide
extra services and administration.
Explicit web proxy is configured with the following options.
Enable Explicit Web
Proxy
Enable the explicit web proxy.
Port
Enter the explicit web proxy server port. To use the explicit proxy,
users must add this port to their web browser proxy configuration.
Listen on Interfaces
Displays the interfaces that are being monitored by the explicit web
proxy server.
Unknown HTTP version
Select the action to take when the proxy server must handle an
unknown HTTP version request or message. Choose from either
Reject or Best Effort. The Reject option is more secure.
Note:
Only interfaces that have explicit web proxy enabled and are in the current VDOM
will be displayed. If an interface has a VLAN subinterface configured, it must be enabled
separately for explicit web proxy. Enabled interfaces will be displayed independent of
explicit web proxy being enabled or not on the Web Proxy screen.
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...