Contributor
November 23, 2006
Question

Block proxy external

  • 5 replies
  • 3678 views
Guys, I need your help. I have a user who connects to the Internet through an external proxy. I have a web filter on the Fortinet, and this user bypasses the filter through the proxy he is using. These proxies connect over some strange ports, which I have blocked, but he is using some that connect over port 80. Is there some signature to filter this behavior?


    rwpatterson
    New Member
    November 24, 2006
    Do you mean that a user is browsing the Internet using an external proxy server to bypass your firewall policies? What version of firmware are you using? MR3 versions have a 'Proxy Avoidance' category built into the FortiGate Web Filtering categories. Enable this, and most proxy avoidance sites will be unreachable.
    Prometejas
    New Member
    November 26, 2006
    I have a similar situation: users are connecting over HTTPS to external proxy servers and I can't control these sessions. Our content filtering (CF) is running on another machine. Does Proxy Avoidance in the FG Web Filtering categories run without a CF licence?
    DrBrain
    New Member
    November 26, 2006
    Hi Robert_M, here are suggestions for you:

    1. Use the option 'Rate URLs by domain and IP address'. This should pick up the proxy IP address in the request and block access to it.
    2. Add a rule on the server to detect URLs of this form and rate it in the proxy avoidance category. (Turn this on for HTTP & HTTPS for v3.00MR3)
    3. Add a firewall policy to block all proxy IP addresses.
    4. Lock the end point machine from changing any Proxy setting.

    Hi Prometejas, FG Web Filtering will not work without a valid CF licence.
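
For the port-80 case in the question and the "block all proxy IP addresses" suggestion above, one way to find which destinations are acting as proxies is to look at the form of the HTTP request line in mirrored or captured traffic. This is an added example, not part of the original thread and not FortiGate functionality; the function names and the constructed sample flows are assumptions.

```python
from collections import Counter

def request_form(head: bytes) -> str:
    """Classify the request-target of an HTTP/1.x request head (RFC 7230, section 5.3)."""
    line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "not-http"
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        return "connect"    # tunnel request, only ever addressed to a proxy
    if target.lower().startswith(("http://", "https://")):
        return "absolute"   # absolute-form: what a browser sends to a configured proxy
    if target.startswith("/") or target == "*":
        return "origin"     # ordinary request addressed to a web server
    return "not-http"

def has_proxy_header(head: bytes) -> bool:
    """True if the head carries a header that only makes sense towards a proxy."""
    names = {l.split(b":", 1)[0].strip().lower()
             for l in head.split(b"\r\n")[1:] if b":" in l}
    return bool(names & {b"proxy-connection", b"proxy-authorization"})

def proxy_candidates(flows):
    """flows: iterable of (client_ip, server_ip, request_head) seen on port 80.
    Returns a Counter of proxy-style requests keyed by (client_ip, server_ip)."""
    hits = Counter()
    for client, server, head in flows:
        if request_form(head) in ("connect", "absolute") or has_proxy_header(head):
            hits[(client, server)] += 1
    return hits

# Constructed sample flows (documentation address ranges), not real traffic.
SAMPLE_FLOWS = [
    ("10.0.0.21", "203.0.113.40", b"GET http://www.example.org/index.html HTTP/1.1\r\n"
     b"Host: www.example.org\r\nProxy-Connection: keep-alive\r\n\r\n"),
    ("10.0.0.21", "203.0.113.40", b"CONNECT mail.example.net:443 HTTP/1.1\r\n"
     b"Host: mail.example.net:443\r\n\r\n"),
    ("10.0.0.35", "198.51.100.7", b"GET /news/today HTTP/1.1\r\n"
     b"Host: news.example.com\r\n\r\n"),
    ("10.0.0.35", "198.51.100.7", b"OPTIONS * HTTP/1.1\r\nHost: news.example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for (client, server), n in proxy_candidates(SAMPLE_FLOWS).items():
        print(f"{client} -> {server}:80  proxy-style requests: {n}")
```

Web-based proxy sites are reached with ordinary origin-form requests, so this check does not see them; those are what the Proxy Avoidance category is for.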
    Prometejas
    New Member
    November 26, 2006
    Thanks for the answers. I used Fortinet's CF earlier, but I found a very big CPU and memory load on the device and slow traffic. Now I have it on another machine (not FG) and I'm satisfied. In this case I eliminated SPF.
    DrBrain
    New Member
    November 27, 2006
    Hi Prometejas, Oh, this is a known issue for low-end FortiGates, e.g. FG60. My customer was complaining to me every day, hahaha. Lesson learned, I'll only propose FG100A onward for new customers.
    willmays
    New Member
    November 27, 2006
    Remember services cost more for the bigger models (i.e. say around $600 for the bundle at the low end, but more like $400 per service at the FG100 end) ... FG60s still have their place but definitely less than 25 users with bandwidth less than about 4 mb.