Article Id 273868
Description This article describes how to configure a proxy policy when using a web proxy forwarding server.
Scope FortiGate.

In a proxy setup, the forward-server configuration is as follows:


config web-proxy forward-server
    edit "proxy-1"
        set ip
        set healthcheck enable
        set monitor ""
    next
end


And this forward-server is reachable via port3:


Routing table for VRF=0
S* [10/0] via, port1, [1/0]
C is directly connected, port1
C is directly connected, port2
C is directly connected, port3
C is directly connected, port4


However, the outgoing interface of the proxy policy must follow the default route on the FortiGate (port1 in this example), not the interface through which the forward server is reachable. If the outgoing interface is set to port3, the policy will not take a hit.


Correct Proxy policy for the above scenario:


config firewall proxy-policy
    edit 1
        set uuid cacd1f0e-506d-51ee-6c1d-9727ee9c89fd
        set name "test"
        set proxy explicit-web
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"
        set logtraffic all
        set webproxy-forward-server "proxy-1"
        set utm-status enable
    next
end


Use the following command to verify the health of the forward server:


diag sys health-check show



Both the explicit proxy device and the forward server should be able to resolve the hostnames for the requests coming from the client.
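
The interface rule described above can be checked offline against saved CLI output. The following Python script is an added example, not part of the original article or any Fortinet tooling: it flags proxy policies that use a forward server while their dstintf is not the default-route interface. The routing table, addresses, policies 2 and 3, and all function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample data; addresses are documentation-range placeholders.
ROUTES = """\
S*      0.0.0.0/0 [10/0] via 192.0.2.1, port1, [1/0]
C       203.0.113.0/24 is directly connected, port3
"""
CONFIG = """\
config firewall proxy-policy
    edit 1
        set dstintf "port1"
        set webproxy-forward-server "proxy-1"
    next
    edit 2
        set dstintf "port3"
        set webproxy-forward-server "proxy-1"
    next
    edit 3
        set dstintf "port3"
    next
end
"""

def default_route_interfaces(routes):
    """Interfaces that carry the static default route (0.0.0.0/0)."""
    return set(re.findall(r"^S\*?\s+0\.0\.0\.0/0\s.*?via\s+[^,\s]+,\s*([^,\s]+)", routes, re.M))

def proxy_policies(config):
    """Parse 'config firewall proxy-policy' into {policy_id: {option: [values]}}."""
    policies, current, inside = {}, None, False
    for line in config.splitlines():
        words = shlex.split(line)  # handles quoted values such as "proxy-1"
        if words[:3] == ["config", "firewall", "proxy-policy"]:
            inside = True
        elif not inside or not words:
            continue
        elif words[0] == "edit":
            current = policies.setdefault(words[1], {})
        elif words[0] == "set" and current is not None and len(words) > 2:
            current[words[1]] = words[2:]
        elif words[0] in ("next", "end"):
            current, inside = None, words[0] != "end"
    return policies

def mismatched(config, routes):
    """IDs of forward-server policies whose dstintf is not a default-route interface."""
    defaults = default_route_interfaces(routes)
    fwd = {p: o for p, o in proxy_policies(config).items() if "webproxy-forward-server" in o}
    return [p for p, o in fwd.items() if not set(o.get("dstintf", [])) & defaults]
```

With the sample data, mismatched(CONFIG, ROUTES) returns ["2"]: policy 1 matches the default route, and policy 3 has no forward server so it is not evaluated. The comparison is a literal match on interface names.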