FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
lmateus
Staff
Staff

Description
In some specific configuration, HTTP and HTTPS ports are not the standard ones (80 and 443).

Following is an example with a Fortigate in Transparent before a web proxy :

< LAN >-----[ FGT-inTP ]------[ Web-Proxy - HTTP 8080 / HTTPs 8181 ]-----< Internet >

If the Fortigate is configured to use NTLM authentication, it must be configured to trigger this authentication on the ports used by the web proxy.

 

 


Scope
FortiOS 4.0 and above.

 

 


Solution
In the "user setting" configuration, two "auth-ports" entries have to be created. One with the web proxy  HTTP port, the second one with the web proxy HTTPS port.

Example (CLI only) :

config user setting
        config auth-ports
            edit 1
                set port 8080
            next
            edit 2
                set port 8181
            next
        end
end


Important : both entries here above are set with  "type http", which is not displayed because being the default values. This can be verified when typing "get" :

FGT # config user setting
FGT (setting) # config auth-ports
FGT (auth-ports) # edit 1
FGT (1) # get

id                  : 1
port                : 8080
type                : http

 

 

 

Related Articles

Feature description - v4.0 Authentication of non standard ports

Contributors