JDNULC
New Member
March 16, 2022
Question

Transparent Web proxy with Kerberos Auth


Hi

 

I have been following the Kerberos explicit proxy setup guide and have managed to get it working successfully. The downside of this setup is that I need to set the proxy server address on every machine or use WPAD etc. I'm not sure if I dreamt this (sad, I know), but I'm sure I read that you can set the transparent web proxy up to also use Kerberos authentication.

 

Is this possible? If so, can anyone point me in the direction of the setup guide, share their config, or just explain the steps needed to set it up?

 

Thanks in advance.

4 replies

Debbie_FTNT
Staff & Editor
March 17, 2022

Hey JDNULC,

I wrote a KB for transparent proxy authentication: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-transparent-proxy-with-web-cookie-for/ta-p/205238

The example here uses basic authentication, but you can use the existing authentication rule for Kerberos instead (just enable web-auth-cookie in that authentication rule as well) and everything else as outlined in the KB (regular firewall policy, proxy policy, authentication settings).
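
As an added example (not part of the reply above or of Fortinet's KB): a small Python check that reads a FortiGate configuration backup and lists the authentication rules that do not have `web-auth-cookie` enabled, so the Kerberos rule reused for the transparent proxy can be confirmed. The sample config and its rule, scheme and address names are constructed, and the check assumes an option that was never set is absent from the backup.

```python
# Constructed sample backup; rule, scheme and address names are hypothetical.
SAMPLE_CONFIG = """\
config authentication rule
    edit "explicit-krb"
        set srcaddr "all"
        set active-auth-method "krb-scheme"
    next
    edit "transparent-krb"
        set srcaddr "lan"
        set active-auth-method "krb-scheme"
        set web-auth-cookie enable
    next
end
"""


def parse_table(config_text, table_path):
    """Return {entry: {option: value}} for one top-level 'config <path>' table."""
    entries, current, depth, in_table = {}, None, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            in_table = in_table or (depth == 0 and line == f"config {table_path}")
            depth += 1
        elif line == "end":
            depth -= 1
            in_table = in_table and depth > 0
        elif in_table and depth == 1:  # ignore nested sub-tables
            if line.startswith("edit "):
                current = line[5:].strip().strip('"')
                entries[current] = {}
            elif line == "next":
                current = None
            elif line.startswith("set ") and current is not None:
                key, _, value = line[4:].partition(" ")
                entries[current][key] = value.strip().strip('"')
    return entries


def rules_missing_web_auth_cookie(config_text):
    """Names of authentication rules that do not have web-auth-cookie enabled."""
    rules = parse_table(config_text, "authentication rule")
    # Assumption: an option absent from the backup is at its default, not enabled.
    return sorted(n for n, opts in rules.items()
                  if opts.get("web-auth-cookie") != "enable")


if __name__ == "__main__":
    print(rules_missing_web_auth_cookie(SAMPLE_CONFIG))
```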

JDNULC
Author
New Member
April 3, 2022

Hi Debbie

 

Thanks for the link, it was really helpful and got it working for me.

 

Just one more question. Where do I add the security profiles? On the firewall policy, or just the proxy policy, or both?

We will need the following profiles: WEB, APP, DPI, DNS, IPS. Are there any limitations doing this through the transparent proxy?

 

Again thanks for your help

Elzhan
Explorer
December 26, 2022

Hello JDNULC

Have you got what you asked about - Kerberos auth for non-web traffic on Transparent proxy? If yes could you share the way?

Thank you,

Debbie_FTNT
Staff & Editor
April 4, 2022

Hey JDNULC,

I'm not sure, to be honest; I come from the authentication side in FortiGate, not so much the UTM side.

However, as the IPv4 policy essentially redirects the HTTP/HTTPS traffic to the proxy policy, I believe you will want to apply most UTM there.

Non-HTTP/HTTPS traffic (DNS for example) would not be redirected, so any UTM you want to apply to that (DNS filter for example) you should set in the IPv4 policy - at least that is my understanding of the setup.

I hope that helps!

reckstay
New Member
December 26, 2022

Thanks for the link it was really helpful and got it working for me.
