FortiGate
Jackie_T
Staff
Article Id 198196

Description
This article describes the feature that supports HTTP/2 in FortiOS proxy mode.

 
Related document:
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/710924/http-2-support-in-proxy-mode-...

Solution
Starting from FortiOS 7.0, HTTP/2 is supported in proxy mode, on the condition that the traffic is secured by TLS 1.2 or 1.3.
 
This is achieved by using the Application-Layer Protocol Negotiation (ALPN) extension.
 
The configuration can be done in the command line interface (CLI).
 
To set the ALPN support:
 
 
# config firewall ssl-ssh-profile
    edit <profile>
        set supported-alpn {all | http1-1 | http2 | none}
    next
end
 
However, note that plaintext HTTP/2 is not yet supported in FortiOS proxy mode.
Hence, unencrypted HTTP/2 traffic might not work correctly if it is sent to FortiOS for processing in proxy mode.
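 
One way to confirm, from a client behind the policy, which protocol ALPN actually selected after changing supported-alpn. This is an added example, not Fortinet's code; the script name, the HOST argument and the optional CA file (for a client that must trust the certificate presented by the inspecting firewall) are assumptions.

```python
# Added example: client-side check of the ALPN result through a proxy-mode policy.
import socket
import ssl
import sys

OFFERS = ["h2", "http/1.1"]  # ALPN protocol IDs for HTTP/2 over TLS and HTTP/1.1


def build_context(cafile=None):
    """TLS 1.2+ client context that offers both HTTP versions via ALPN."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # the page's TLS 1.2/1.3 condition
    ctx.set_alpn_protocols(OFFERS)
    return ctx


def describe(selected):
    """Map the ALPN value chosen in the handshake to a readable verdict."""
    if selected == "h2":
        return "HTTP/2 negotiated"
    if selected == "http/1.1":
        return "HTTP/1.1 negotiated"
    if selected is None:
        return "no ALPN protocol selected"
    return "unexpected ALPN protocol: " + selected


def probe(host, port=443, cafile=None, timeout=5.0):
    """Complete a TLS handshake and return (tls_version, selected_alpn)."""
    ctx = build_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.selected_alpn_protocol()


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: alpn_probe.py HOST [CA_FILE]")
    # HOST is an HTTPS site reached through the policy (assumption).
    host = sys.argv[1]
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    version, selected = probe(host, cafile=cafile)
    print(f"{host}: {version}, {describe(selected)}")
```

Running it before and after a change to supported-alpn, against a server known to support HTTP/2, shows whether the profile setting altered the negotiated protocol.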