Description | This article describes how to configure a transparent proxy in FortiGate to forward specific destination traffic to Web Proxy Forwarding Servers. |
Scope | All supported versions of FortiGate (make sure the FortiGate model supports proxies; some devices with less RAM will not have this feature in 7.6.x). |
Solution |
In a transparent proxy configuration, the proxy is invisible to the user: no proxy settings need to be configured explicitly on the endpoint.
Traffic flow in transparent proxy mode (on FortiGate):
http-policy-redirect
If an HTTPS redirect is required, SSL deep inspection must be enabled in the regular firewall policy.
FortiGate regular firewall policy:
config firewall policy
    edit 1
        set name "1"
    next
end
FortiGate proxy policy:
config firewall proxy-policy
    edit 5
        set proxy transparent-web
    next
end
No special configuration is required on the client to use FortiGate transparent proxy. As the client is using the FortiGate as its default gateway, requests will first hit the regular firewall policy, and then be redirected to the transparent proxy policy.
By default, while sending the traffic to the forward web proxy, FortiGate will use the wan-link IP address used in the firewall policy. To specify the outgoing IP address, use the following option:
config web-proxy explicit
    set outgoing-ip 172.28.52.101    <- Make sure this IP address is assigned on any of the FortiGate interfaces.
end
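The two requirements stated above (SSL deep inspection on a redirecting firewall policy, and an outgoing IP that is assigned to a FortiGate interface) can be checked offline against a configuration backup. The following is an added example, not part of the original article or Fortinet tooling. It assumes the redirect is enabled with `set http-policy-redirect enable`, treats the built-in `no-inspection` and `certificate-inspection` profiles (or no profile) as not deep, does not inspect custom profiles or secondary interface IPs, and runs on a constructed sample backup.

```python
import re

# Constructed sample backup; interface name, addresses and profile are illustrative.
SAMPLE = """
config system interface
    edit "port1"
        set ip 172.28.52.101 255.255.255.0
    next
end
config firewall policy
    edit 1
        set http-policy-redirect enable
        set ssl-ssh-profile "certificate-inspection"
    next
end
config web-proxy explicit
    set outgoing-ip 172.28.52.200
end
"""
NOT_DEEP = {"(unset)", "no-inspection", "certificate-inspection"}  # assumed non-deep profiles

def parse(text):
    # tree[section][entry][key] -> values; flat settings use entry ''; nested config is skipped
    tree, section, entry, depth = {}, None, "", 0
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        head = tok[0] if tok else ""
        if head == "config":
            depth += 1
            if depth == 1:
                section, entry = " ".join(tok[1:]), ""
        elif head == "end":
            depth -= 1
        elif depth == 1 and head == "edit":
            entry = tok[1]
        elif depth == 1 and head == "set" and len(tok) > 2:
            tree.setdefault(section, {}).setdefault(entry, {})[tok[1]] = tok[2:]
    return tree

def audit(text):
    """Report an unassigned outgoing-ip and redirecting policies without deep inspection."""
    cfg = parse(text)
    iface_ips = {e["ip"][0] for e in cfg.get("system interface", {}).values() if "ip" in e}
    findings = [f"outgoing-ip {ip} is not assigned to any interface"
                for ip in cfg.get("web-proxy explicit", {}).get("", {}).get("outgoing-ip", [])
                if ip not in iface_ips]
    for pid, pol in cfg.get("firewall policy", {}).items():
        profile = pol.get("ssl-ssh-profile", ["(unset)"])[0]
        if pol.get("http-policy-redirect") == ["enable"] and profile in NOT_DEEP:
            findings.append(f"policy {pid}: redirect enabled without deep inspection ({profile})")
    return findings
```

Calling `audit()` on the text of a backup returns a list of findings; an empty list means both checks passed.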
It is also possible to use an address object based on a URL category in the proxy configuration, so that only traffic matching that category is forwarded to the forward proxy servers.
In this address type, a user can create a URL category based on a FortiGuard URL ID. Once created, the address can be selected as a destination of a proxy policy. This means that a policy will only allow or block requests that match the URL category. For more information about categories, see this FortiGuard page.
config firewall proxy-address
    edit "url-category"
        set uuid 7a5465d2-57cf-51e9-49fd-0c6b5ad2ff4f
    next
end
Reference configuration guide: |
Copyright 2025 Fortinet, Inc. All Rights Reserved.