Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jfelix09
Staff
Staff

Created on ‎02-27-2023 09:05 AM Edited on ‎10-29-2025 10:32 PM By Community Manager

Article Id 247372

Technical Tip: Using proxy features in lower-end FortiGates

Description

This article describes how to use the new proxy features implemented in version 7.2.4, as well as how to enable them in lower-end FortiGates.
Scope

FortiGate v7.2.4 and above, affected FortiGate models: FortiGate/FortiWiFi-30G, 40F, 50G, 60E, 60F, 80E, and 90E series of devices and their variants, and FortiGate-Rugged 50G and 60F.
Solution

To use some features (namely, the virtual server load balancer and security profile proxy features), it is necessary to configure a firewall policy or a security profile with proxy inspection mode.

 

There is a new feature ('gui-proxy-inspection') that is disabled by default on low-end platforms with 2GB or less RAM starting on v7.2.4. See the release notes for more information.

 

When the settings 'gui-proxy-inspection' and 'proxy-and-explicit-proxy' are disabled, some features are greyed out or removed from the GUI:

 

2024-08-22 12_56_12-247372_proxyfeature.png

 

jfelix09_1-1677505968033.png

 

To enable the Proxy Inspection on Firewall Policies, first log in to the FortiGate through the GUI and open a new CLI connection. After, run the following commands:

 

config system settings

    set gui-proxy-inspection enable

end

 

Refresh the browser. After, it will be possible to select the inspection mode on the desired firewall policy or enable certain required proxy features.

 

jfelix09_2-1677505968034.png

 

Note:

This appears when creating new Security profiles for (webfilter, antivirus)

 

When the 'set gui-proxy-inspection' is disabled, the option to select (proxy/flow) will not be available as per the image below:

 

image.png

 

When using proxy features, the CPU and memory load may increase. This is because FortiGate buffers all traffic to make appropriate decisions when in proxy-based mode.

 

Note: 

As part of improvements to enhance performance and optimize memory usage on FortiGates with 2 GB RAM or less, starting from v7.4.4, FortiOS no longer supports proxy-related features. This change impacts the FortiGate/FortiWiFi 40F, 60E, 60F, 80E, and 90E series of devices and their variants, and FortiGate-Rugged 60F (2 GB versions only).

 

G-Series FortiGates with 2GB of memory, such as the FortiGate 30G, 50G and their variants, do not support Proxy-Features in any of the v7.2.x. 

 

Irrespective of the setting 'set gui-proxy-inspection', enabled or disabled on the affected devices, you cannot set the mode to proxy based on the firewall policy for the affected low-end devices.

 

This will not affect the VMs with 2 GB RAM.

 

Related documents:

Proxy-related features not supported on FortiGate 2 GB RAM models

Technical Tip: Cannot enable Explicit Proxy feature in FortiGate 2GB Model
9386
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.