FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
osoleimani
Staff
Staff
Description
This document explains how to access the Internet using Explicit Proxy with the FortiGate in transparent mode.

The key to remember is that the browser on the workstation will point at the Management IP.  See details below.


Useful links:

Fortinet Documentation
Fortinet KB: http://www.fortinet.com/

External
Subnet calculator: http://www.subcalc.com/


Solution
On FortiGate (Transparent Mode):


1) Enable Explicit Proxy feature under System -> Config -> Features in GUI or by running the following CLI commands:
# config system global
(global) # set gui-explicit-proxy enable
(global) # end

2) Check 'HTTP / HTTPS' option to enable Explicit Web Proxy under System -> Network -> Explicit Proxy in the GUI or by running the following CLI commands:
# config web-proxy explicit
(explicit) # set status enable
(explicit) # end


3) Check 'Enable Explicit Web Proxy' on the Interface which the workstation is connected to under System -> Network -> Interface in the GUI or by running the following CLI commands:
# config system interface
(interface) # edit internal
(internal) # set explicit-web-proxy enable
(internal) # end

4) Configure a static default route, if not already configured  under System -> Network -> Routing Table in the GUI or by running the following CLI commands:
# config router static
static) # edit 1
(1) # set gateway <The default gateway IP address>
(1) # end

5) Configure an Explicit Proxy policy for the traffic which is coming from the workstation to 'any' interface under Policy & Objects -> Policy -> Explicit Proxy in the GUI or by running the following CLI commands:
# config firewall explicit-proxy-policy
(explicit-proxy-p~icy) # edit 1
(1) # set proxy web
(1) # set dstintf any
(1) # set srcaddr all
(1) # set dstaddr all
(1) # set service webproxy
(1) # set action accept
(1) # set schedule always
(1) # end

On the Windows Workstation:

Configure the Internet browser to use Web Proxy:
1) Configure proxy server based on the address of the Management IP* of the Transparent mode
2) Choose the port number based on the HTTP port number setting of Explicit Proxy configuration on FortiGate   # By default, it is 8080 #

* this is different than the default Gateway of the Workstation

Contributors