Description |
This article describes how to use the new proxy features implemented in version 7.2.4, as well as how to enable them in lower-end FortiGate models. |
Scope | FortiGate 7.2.4+ (models 40F, 6xE, 6xF, 8xE). |
Solution |
In order to use some features (namely the virtual server load balancer and security profile proxy features), it is necessary to configure a firewall policy with proxy inspection mode.
There is a new feature ('gui-proxy-inspection') that is disabled by default on low-end platforms with 2GB or less RAM starting on version 7.2.4 (models 40F, 6xE, 6xF, 8xE). See the release notes for more information.
When the settings 'gui-proxy-inspection' and 'proxy-and-explicit-proxy' are disabled, some features are greyed out or removed from the GUI:
To enable the Proxy Inspection on Firewall Policies, first log in to the FortiGate through the GUI and open a new CLI connection. After, run the following commands:
config system global set proxy-and-explicit-proxy enable end
config system settings set gui-proxy-inspection enable end
Refresh the browser. After, it will be possible to select the inspection mode on the desired firewall policy or enable certain required proxy features.
Note that, when using proxy features, the CPU and memory load may increase. This is because FortiGate buffers all traffic to make appropriate decisions when in proxy-based mode. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.