Troubleshooting Tip: A FortiGate with Explicit Proxy and Authentication Rules configured does not display a login pop-up page to fill up for https websites

1. After configuring Explicit Proxy and Authentication Rules on FortiGate, HTTPS websites do not display the login pop-up page for user authentication. The issue occurs after upgrading FortiOS to be v7.4.5 build2702.
   
   
2. Configure FortiGate with Explicit Proxy and Authentication Rules as below.

config system settings

    set gui-proxy-inspection enable

    set gui-explicit-proxy enable

    set gui-allow-unnamed-policy enable

end

config web-proxy explicit

    set status enable

    set http-incoming-port 8080

    set https-incoming-port 8080

end

config web-proxy global

    set proxy-fqdn "default.fqdn"

end

config system interface

    edit "port1"

        set vdom "root"

        set ip 10.45.4.159 255.255.240.0

        set allowaccess ping https ssh http telnet fgfm

        set type physical

        set snmp-index 1

    next

    edit "port5"

        set vdom "root"

        set ip 10.195.4.195 255.255.240.0

        set allowaccess ping https ssh http telnet fgfm

        set type physical

        set explicit-web-proxy enable

        set proxy-captive-portal enable

        set snmp-index 5

    next

end

config authentication scheme

    edit "testScheme1"

        set method basic

        set user-database "local-user-db"

    next

end

config authentication setting

    set active-auth-scheme "testScheme1"

    set update-time 2025-01-02 22:33:35

    set captive-portal-type ip

end

config authentication rule

    edit "testAuthen1"

        set srcintf "port5"

        set srcaddr "all"

        set active-auth-method "testScheme1"

    next

    edit "testAuthen2SocSec"

        set protocol socks

        set srcintf "port5"

        set srcaddr "all"

        set active-auth-method "testScheme1"

    next

end

config firewall proxy-policy

    edit 1

        set name "TestExplicit1"

        set proxy explicit-web

        set dstintf "port1"

        set srcaddr "all"

        set dstaddr "all"

        set service "webproxy"

        set action accept

        set schedule "always"

        set groups "group1"

    next

end

3. When the users access the http website, it shows the login pop-up page to fill up the username and password.
   
   

When the users access https websites, the login pop-up page does not appear. As a result, users can access https websites without inputting the username or password.

To fix this:

This problem is related to known issue (ID: 1116834). To fix it, upgrade the FortiGate firmware version to v7.4.9 or higher.