FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 191938

This article describes how to add x-fowarded-for header to all HTTP traffic handled by an explicit proxy policy.

When FortiGate is configured as explicit proxy, add x-forwarded-for header to all HTTP traffic accepted by the proxy policy is possible.
Create explicit web proxy profiles that can add x-forwarded-for header is possible.

Create web profile profile from CLI:

# config web-proxy profile
    edit <name>
        set header-x-forwarded-for add     <----- This command will add x-forwarded-for header.

Use the following command to add above web proxy profile to an running explicit proxy policy:

# config firewall proxy-policy
    edit <id>
        set webproxy-profile <name>

NOTE: x-forwarded-for header is a standard header for identifying the original IP address of a client connecting to Fortigate proxy.

This header can be useful when FortiGate is placed below an existing proxy (3rd party Proxy) and that proxy unit needs to enforce action based on the IP address kept in the 'X-Forwarded-For' header instead of the actual source IP address - which is the address of the FortiGate.

From FortiOS 5.6v with a 3.2x IPS engine (at least) are able to process the 'X-Forwarded-For' IPs into the IPS logs.

Related Articles

Technical Note: X-Forwarded-For and True-Client-IP options for Flow-Based UTM on FortiGate

Technical Tip: How to add X-forwarded headers to the traffic towards protected Webserver behind Fort...