FortiProxy explicit proxy, ssl deep inspection and forward proxy

Forum|Forum|10 months ago
August 8, 2025
1 reply
645 views

We have a customer that wants to use FortiProxy but has a requirement that seems to be unsupported:

1.) He must forward to an upstream HTTP proxy for regulatory reasons.

2.) He needs SSL deep inspection on FortiProxy to apply UTM profiles and content inspection rules.
3.) Network topology does not support transparent mode, FortiProxy should use explicit mode.

4.) User-Authentifacation against on premise AD (NTML or Kerberos).

FortiProxy does support any of these but fails to support the combination of 1 and 2.

Is there any way to have FortiProxy forward web traffic to an upstream HTTP Proxy with full SSL inspection and UTM features?
Is such a feature even on the Roadmap?

It would be a bummer to lose that opportunity.

RBA

Staff

Point 1 and 2 you would need a forward server config on the FortiProxy or proxy chaining. Refer article How to configure web proxy forwarding ser... - Fortinet Community

JPMfgAuthor

Visitor III

Forward server and SSL deep inspection are mutually exclusive.
When you add forwarding server to a rule you must use a ssl profile that does not have any deep-inspection options set.
When you select a deep-inspection SSL profile you cannot set a forwarding server.

These two options are currently mutually exclusive but that is a requirement here :\
I wonder why that limitation exists and if there are any plans on lifting it.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded