Technical Note: WebCache works in Proxy Mode Only with Flow Base UTM Features
Description
Solution
WebCache works in Proxy Mode Only and cannot work with Flow Base UTM Features. This article explains how to take in consideration UTM features when using also WebCache.
WebCache (like WanOpt) is a Proxy feature on FortiGate that can be enabled into a policy. In the same policy it is also possible to enable any other UTM feature like AV, Webfilter, IPS, Application Control, VOIP etc.
Most of those features can operate in Proxy Mode and Flow Mode.
WebCache (like WanOpt) is a Proxy feature on FortiGate that can be enabled into a policy. In the same policy it is also possible to enable any other UTM feature like AV, Webfilter, IPS, Application Control, VOIP etc.
Most of those features can operate in Proxy Mode and Flow Mode.
Solution
Since the WebCache is Proxy Mode only, it is recommended to use those features in Proxy Mode when enabled with WebCache into the same policy.
Basic Symptoms examples using WebFilter UTM feature.
1) Working
2) NOT Working
Basic Symptoms examples using WebFilter UTM feature.
1) Working
FGT90D # config firewall policyResults in WebCache Monitoring
edit 1
set srcintf "internal1"
set dstintf "virtual-wan-link"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "HTTP" "HTTPS"
set utm-status enable
set webcache enable -->
set webfilter-profile "Web Filter Test" -->
set profile-protocol-options "default"
set nat enable
next
end
FGT90D # config webfilter profile
edit "Web Filter Test "
set comment ''
set replacemsg-group ''
set inspection-mode proxy ------> (default)
end
end
2) NOT Working
FGT90D # config webfilter profileResults in WebCache Monitoring
edit "Web Filter Test "
set comment ''
set replacemsg-group ''
set inspection-mode flow-based ------>
end
end