FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

In some specific configuration, HTTP and HTTPS ports are not the standard ones (80 and 443).

Following is an example with a Fortigate in Transparent before a web proxy :

< LAN >-----[ FGT-inTP ]------[ Web-Proxy - HTTP 8080 / HTTPs 8181 ]-----< Internet >

If the Fortigate is configured to use NTLM authentication, it must be configured to trigger this authentication on the ports used by the web proxy.



FortiOS 4.0 and above.



In the "user setting" configuration, two "auth-ports" entries have to be created. One with the web proxy  HTTP port, the second one with the web proxy HTTPS port.

Example (CLI only) :

config user setting
        config auth-ports
            edit 1
                set port 8080
            edit 2
                set port 8181

Important : both entries here above are set with  "type http", which is not displayed because being the default values. This can be verified when typing "get" :

FGT # config user setting
FGT (setting) # config auth-ports
FGT (auth-ports) # edit 1
FGT (1) # get

id                  : 1
port                : 8080
type                : http




Related Articles

Feature description - v4.0 Authentication of non standard ports