Fortigate web-proxy auth rules

Question

Has anybody ever gotten a local user db working with an explicit proxy? on any FortiOS version? I have cfg and policy and it looks good but every time I test it shows needs authentication.

sample of the cfg I've been testing on now 3 different fortigate

homefgt (root) # show authentication rule
config authentication rule
edit "proxy-auth"
set srcaddr "all"
set active-auth-method "Auth-scheme-Negotiate"
next
end

homefgt (root) # show authentication setting
config authentication setting
set active-auth-scheme "Auth-scheme-Negotiate"
end

homefgt (root) # show user group proxy_user
config user group
edit "proxy_user"
set member "kfelix1" "kfelix"
next
end

homefgt (root) # show firewall proxy-policy
config firewall proxy-policy
edit 1
set uuid 0428149c-e925-51ef-1e15-2684e04091ae
set proxy explicit-web
set dstintf "wan1" "wan2"
set srcaddr "all"
set dstaddr "all"
set service "webproxy"
set action accept
set schedule "always"
set logtraffic all
set groups "proxy_user"
next
end

diag wad debug enable auth

show my Basic AUTHORIZATION which decodes correctly but I believe I'm not matching the authrule, I'm using the simplest auth schema also

homefgt (root) # show authentication scheme
config authentication scheme
edit "exproxy"
set method negotiate
next
edit "Auth-scheme-Negotiate"
set method basic
set user-database "local-user-db"
next
end

Any ideals?

emnoc · Answer

Okay I made headway with curl but my browser is hosed up

homefgt (root) # diag wad session list

Session: explicit proxy 192.168.1.111:51005(xxxx.xxx.xxxx.xxx:8568)->23.223.33.16:80
id=668058720 vd=0:0 fw-policy=1
duration=0 expire=3600 session-ttl=3600
state=3 app=http sub_type=0 dd_mode=0 dd_method=0
SSL disabled
to-client
TCP Port:
state=2 r_blocks=1 w_blocks=0 read_blocked=0
bytes_in=184 bytes_out=0 shutdown=0x0
to-server
TCP Port:
state=2 r_blocks=0 w_blocks=0 read_blocked=0
bytes_in=0 bytes_out=103 shutdown=0x0

Sessions total=1

homefgt (root) # diag wad user
list List proxy users.
clear Clear all users or clear a particular user using: diagnose wad user clear <ID> <IP> <VDOM>.
info Query user info with <type> and <value>. [Take 0-2 arg(s)]
exchange Test connectivity with user-exchange.
device Get device info. [Take 0-4 arg(s)]

homefgt (root) # diag wad user list

ID: 4, IP: 192.168.1.111, VDOM: root
user name : kfelix
duration : 155
auth_type : IP
auth_method : Basic
pol_id : 1
g_id : 7
user_based : 0
expire : 300
LAN:
bytes_in=187128 bytes_out=1519115
WAN:
bytes_in=1543523 bytes_out=104751

So I'm still investigating why

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded