FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes how to enable multiple outgoing IP for explicit web-proxy.
Solution In order to configure multiple outgoing IP for explicit web-proxy, you need to configure the secondary IP in the external interface for outgoing traffic.
1. Configure multiple secondary IP:
config system interface edit "port1" set vdom "root" set ip 10.1.1.73 255.255.252.0 set allowaccess ping https ssh http telnet set type physical set snmp-index 1 set secondary-IP enable config secondaryip edit 1 set ip 10.1.0.214 255.255.252.0 next edit 2 set ip 10.1.0.215 255.255.252.0 next end next end
2. Enable multiple outgoing IP address in explicit webproxy setting:
config web-proxy explicit set status enable set http-incoming-port 8080 set outgoing-ip 10.1.0.214 10.1.0.215 end
3. Run sniffer command to verify if both IP are being used for outgoing traffic:
diag sniffer packet port1 ‘host 10.1.0.214’ 4 0 l diag sniffer packet port1 ‘host 10.1.0.215’ 4 0 l