Atul_S
Staff & Editor
Article Id 408389
Description: This article describes the steps to troubleshoot and resolve page timeouts and session timeouts on a FortiGate configured with a transparent proxy. The issue is observed when the FortiGate is configured with a transparent proxy and the traffic is forwarded to an upstream proxy server.
Scope: FortiGate.
Solution

When configuring a transparent proxy with proxy chaining, traffic matching a firewall policy can be redirected to a transparent proxy policy instead of being forwarded directly to an upstream proxy server. This setup provides greater visibility and control of web traffic.

 

Steps:
  1. Enable the 'http-policy-redirect' option on the firewall policy to redirect the matching traffic to the transparent proxy policy on the FortiGate instead of forwarding to the proxy server directly.

 


 

  2. Create a proxy-policy to allow all the traffic redirected by the firewall policy. Refer to the Technical Tip: Transparent proxy with proxy chaining and Transparent Web Proxy Forwarding for more information.

  3. If the issue persists, collect the output of the following commands when the FortiGate is under load:

     diagnose wad session list | grep total
     diagnose wad stats worker
     execute tac report

  4. Analyse the collected output for anomalies, such as uneven worker load or unusually high session counts.
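
Steps 1 and 2 as CLI configuration, added here as an illustration and not taken from the original article. The policy IDs, policy name, interface names, the forward-server name "upstream-proxy" and its address 192.0.2.10:8080 are constructed placeholders, and proxy inspection mode with the "certificate-inspection" profile is an assumption about the environment.

```fortios
# Upstream proxy used for chaining (name, IP and port are placeholders)
config web-proxy forward-server
    edit "upstream-proxy"
        set ip 192.0.2.10
        set port 8080
    next
end

# Step 1: firewall policy that hands matching web traffic to the
# transparent proxy policy instead of forwarding it directly
config firewall policy
    edit 10
        set name "lan-to-wan-web"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "HTTP" "HTTPS"
        # Assumption: policy runs in proxy inspection mode
        set inspection-mode proxy
        set http-policy-redirect enable
        set ssl-ssh-profile "certificate-inspection"
        set nat enable
    next
end

# Step 2: transparent proxy policy that accepts the redirected traffic
# and chains it to the upstream proxy
config firewall proxy-policy
    edit 1
        set proxy transparent-web
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"
        set webproxy-forward-server "upstream-proxy"
    next
end
```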