Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nsaini
Staff
Staff

Created on ‎10-06-2022 11:42 AM

Article Id 225957

Technical Tip: Session scaling issue with explicit web proxy on FortiGate-6000/7000 series

Description This article describes the workaround how to fix the explicit web proxy session scaling issue on 6000/7000 if using single interface IP.
Scope FortiGate-6000/7000.
Solution

For each FPC, each IP can have only 2.1k sessions via explicit web proxy. Due to this limitation, some users may get a '504 gateway timeout: remote server did not respond to the proxy' error.

 

HTTP clients -----------Explicit proxy(FGT6KF)------------HTTP server

 

Using IP Pools in the proxy policy will make the outbound flow to use the number of IP addresses in the IP Pool instead of just using the outbound interface's IP  address.

This will help to scale the web proxy sessions (2.1k * IP Pool addresses).

 

explicit kb pic right.png
1235
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.