Skip to main content
maeLove
maeLove
New Member
January 26, 2015
Question

Fortinet as Proxy Server

  • January 26, 2015
  • 5 replies
  • 40341 views

Hi everyone,

 

I just wanna ask if a certain fortinet firewall can be setup as a Proxy Server? What particular model can you suggest?

I'm planning to setup a Proxy Server as a gateway to the internet. This firewall will be passing through other firewall (setup will be behind other firewall) that is in site-to-site setup. Thank you.

 

 

Regards

    5 replies

    damiri
    damiri
    New Member
    January 26, 2015

    I believe you can set pretty much any Fortigate as proxy. However, keep in mind that is impossible to track inbound and outbound connection and get them in correlation. 

    hklb
    hklb
    Visitor III
    January 27, 2015

    Hello,

     

    maeLove wrote:
    Hi everyone, I just wanna ask if a certain fortinet firewall can be setup as a Proxy Server? What particular model can you suggest? I'm planning to setup a Proxy Server as a gateway to the internet. This firewall will be passing through other firewall (setup will be behind other firewall) that is in site-to-site setup. Thank you.

    Yes, you can use fortigate as a proxy server (http/s and ftp). The model depend of what do you want : only web filtering ? or full UTM ? how many users do you have ? explicit proxy uses more ressource than proxy in transparent mode.. Normally, your fortinet partner should be able to do the sizing correctly..

     

    damiri wrote:
    However, keep in mind that is impossible to track inbound and outbound connection and get them in correlation.
    What do you mean ?

     

    Lucas

    maeLove
    maeLoveAuthor
    New Member
    January 29, 2015

    hklb wrote:

    Yes, you can use fortigate as a proxy server (http/s and ftp). The model depend of what do you want : only web filtering ? or full UTM ? how many users do you have ? explicit proxy uses more ressource than proxy in transparent mode.. Normally, your fortinet partner should be able to do the sizing correctly..

     

     

    Hi,

    Their need is a full UTM. They have 130-140 users on LAN (only 70-80 with internet access). What do you mean by "more resources" in explicit proxy than in transparent mode? 'Coz, probably they're planning to setup in transparent mode, behind their ISP's firewall.

    Thank you.

     

     

    Regards 

     

     

    hklb
    hklb
    Visitor III
    January 29, 2015

    maeLove wrote:

    hklb wrote:

    Yes, you can use fortigate as a proxy server (http/s and ftp). The model depend of what do you want : only web filtering ? or full UTM ? how many users do you have ? explicit proxy uses more ressource than proxy in transparent mode.. Normally, your fortinet partner should be able to do the sizing correctly..

     

     

    Hi,

    Their need is a full UTM. They have 130-140 users on LAN (only 70-80 with internet access). What do you mean by "more resources" in explicit proxy than in transparent mode? 'Coz, probably they're planning to setup in transparent mode, behind their ISP's firewall.

    Thank you.

     

     

    Regards 

     

     

    Hi

     

    The explicit proxy has the process wad and will consume more ressource than if you configure as a proxy transparent (proxy transparent : define a web filter profile as proxy and add this one on your firewall policy)

     

    The 100D should be work..

    HASimac
    HASimac
    New Member
    January 27, 2015

    Hello,

     

    One of our customer replace Bluecoat solution (SG and AV appliances) with FGT100D (configured in explicit proxy).

    Around 90 people are connected.

    UTM features enabled: AV, URL Filtering, IPS, SSL Inspection, DLP, Application Control.

    Proxy Authentication (NTLM) is integrated with AD.

     

    Reporting and visbilility has been enhanced compared with Bluecoat solution.

     

    Regards,

     

    HA

     

    maeLove
    maeLoveAuthor
    New Member
    January 29, 2015

    HA wrote:

    One of our customer replace Bluecoat solution (SG and AV appliances) with FGT100D (configured in explicit proxy).

    Around 90 people are connected.

    UTM features enabled: AV, URL Filtering, IPS, SSL Inspection, DLP, Application Control.

    Proxy Authentication (NTLM) is integrated with AD.

     

    Reporting and visbilility has been enhanced compared with Bluecoat solution.

    Hi,

     

    Thank you for sharing this. Can I ask how you setup your FG-100D in your network? 'Coz our client want to add a firewall as their own, then they want also to configure it as their proxy server. They're actually connected to their ISP's firewall that has site-to-site vpn configured. So, probably their firewall will be setup behind (transparent mode) their ISP's firewall is that possible? Their isp can provide a public ip for their firewall. Thank you.

     

    Regards,

    Jam

    damiri
    damiri
    New Member
    January 27, 2015

    internal session is not connected to external session. 

    n00b
    n00b
    New Member
    November 22, 2016

    Yes, FortiGate can be setup as proxy server. The model depends on the size of the traffic passing through the appliance.

    Terms & ConditionsAccessibility statement