Skip to main content
spyke62
spyke62
New Member
July 24, 2017
Question

Explicit web proxy - advantages ?

  • July 24, 2017
  • 2 replies
  • 13876 views

Hi,

 

I use fortios 5.2 / 5.4 

 

I only use transparent proxy and manage rules (server, nat, users access) via the menu "Policy -> IPV4" 

 

I know when you activate explicite proxy, a new menu is available to use access via fortgate explicite proxy.

You need to configure web browser firewall  with IP and port. 

 

But what is the advantages of using the explicit proxy rather than transparent proxy ? 

 

Thank you, 

Spyke 

 

    2 replies

    ipns
    ipns
    New Member
    July 26, 2017

    Hi,

     

    In my opinion it's better to use the proxy rather than the explicit proxy. Some applications have some issues with explicit proxy and will not use it. So for a more complete picture, you use normal proxy.

    When you have a company which devides the network management and system management to different departments, it may be handy to let the proxy settings be managed by the system management. Then u can choose to use explicit proxy so system management can alter the settings by using GPO's.

    But in the end, when you have the choice, don't use explicit proxy.

    Wurstsalat
    Wurstsalat
    Explorer
    August 3, 2017

    On fortios 5.2/5.4 you cant use web authentication...with 5.6 you have this ability. The ip based authentication method was for me never really realiable...so if you want authentication which is a bit reliable, go for explicit or fortios 5.6 (would not recommend at the Moment)

    If you want something like forms based auth (for whatever reason, disclaimer or what else), go for explicit

    if you want to control your web traffic, you want ssl deep inspection, you go better with explicit

     

     

    emnoc
    emnoc
    New Member
    August 3, 2017

    Advantages ( explicit )

     

    You can enforce user proxy  via groups

    controls  id-polices  ( identity )

    You have more controls over what SSL or now I guess TLS ciphers that are in used

    header insertions

    You can craft numerous  explicit proxy that  indirectly have different profiles

     

    e.g in a schoold

     

     explicitproxy 01 ---Police, resource Officers, Faculty

     explicitproxy 02 -- students K-4

     explicitproxy 03 -- students 5-8

     explicitproxy 04 -- students 9-12

     explicitproxy 05 -- guest

     

    Each could have it owns authentication methods

     

    e.g

     

    Proxy 01  local

    Proxy 02  LDAP elem.example.edu

    Proxy 03  LDAP middle.example.edu

    Proxy 04  LDAP high.example.edu

     

     

     

    Dis-advanatge, you need a hard configuration or some type of PAC or AUTO-discovery

     

     

    Adv/Dis-advantage of explicit are the reverse in transparent.

    MikePruett
    MikePruett
    New Member
    August 4, 2017

    I have a client for a school that uses explicit proxy for interior and exterior users. Loves it and swears by it. Does what was mentioned previously and gives each group their own policy.

     

    Disperses via PAC file

    Terms & ConditionsAccessibility statement