Description
This article describes how to enable web-proxy authentication requests initiated by the firewall that time out due to no response.
Scope
FortiGate version 5.6.0 and above.
Solution
When applications like Adobe or Microsoft Office need to connect to the servers over the internet through a FortiGate acting as a proxy and the session needs to be authenticated, the firewall sends a '407 Authentication Request' message to the session initiator. The application, which does not understand the message is disregarding the authentication request, and the request times out.
In order to see which applications are receiving these requests that are timing out, to exclude their traffic from being intercepted by web proxy, the requests can be logged.
To log this traffic, the following configuration needs to be done on the firewall side using the following command:
config web-proxy explicit
set trace-auth-no-rsp enable <----- disable is the default value.
end
Related documents:
config web-proxy explicit
