FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jfelix09
Staff
Staff
Article Id 247372
Description

This article describes how to use the new proxy features implemented in version 7.2.4, as well as how to enable them in lower-end FortiGate models.

Scope FortiGate 7.2.4+ (models 40F, 6xE, 6xF, 8xE).
Solution

In order to use some features (namely the virtual server load balancer and security profile proxy features), it is necessary to configure a firewall policy with proxy inspection mode.

 

There is a new feature ('gui-proxy-inspection') that is disabled by default on low-end platforms with 2GB or less RAM starting on version 7.2.4 (models 40F, 6xE, 6xF, 8xE). See the release notes for more information.

 

When the settings 'gui-proxy-inspection' and 'proxy-and-explicit-proxy' are disabled, some features are greyed out or removed from the GUI:

 

jfelix09_0-1677505968031.png
jfelix09_1-1677505968033.png

 

To enable the Proxy Inspection on Firewall Policies, first log in to the FortiGate through the GUI and open a new CLI connection. After, run the following commands:

 

config system global

set proxy-and-explicit-proxy enable

end

 

config system settings

set gui-proxy-inspection enable

end

 

Refresh the browser. After, it will be possible to select the inspection mode on the desired firewall policy or enable certain required proxy features.

 

jfelix09_2-1677505968034.png

 

Note that, when using proxy features, the CPU and memory load may increase. This is because FortiGate buffers all traffic to make appropriate decisions when in proxy-based mode.