Technical Tip: Configuring and troubleshooting transparent proxy with proxy chaining on FortiGate

When configuring a transparent proxy with proxy chaining, traffic matching a firewall policy can be redirected to a transparent proxy policy instead of being forwarded directly to an upstream proxy server. This setup provides greater visibility and control of web traffic.

1. Enable the 'http-policy-redirect' option on the firewall policy to redirect the matching traffic to the transparent proxy policy on the FortiGate instead of forwarding to the proxy server directly.

2. Create a proxy-policy to allow all the traffic redirected by the firewall policy. Refer to Technical Tip: Transparent proxy with proxy chaining and Transparent Web Proxy Forwarding for more information.

    

3. If the issue persists, collect the output of the following commands when the FortiGate is under load: 

4. Analyze the collected output for anomalies, such as uneven worker load or unusually high session counts.

Related articles:
Technical Tip: FortiGate transparent proxy with web cookie 
Technical Tip: Traffic redirection to transparent proxy might not be working as expected in some scenarios