Created on 10-06-2021 07:45 AM Edited on 11-17-2021 10:37 PM By Anthony_E
Description
This article expands upon the transparent web-proxy configuration guide:
https://docs.fortinet.com/document/fortigate/6.4.7/administration-guide/15908/transparent-proxy
Solution
When serving as a transparent web proxy, a FortiGate might still present its own certificate to the user during authentication if authentication happens over HTTPS. This can lead to certificate errors if the FortiGate certificate is not trusted.
This usually shows as warnings/errors in browsers regarding untrusted certificates or certificate issuers.
Certificates for authentication in general are specified here:
# config user setting
    set auth-cert <server certificate>
    set auth-ca-cert <CA certificate of server certificate>
end
Certificates for transparent (web) proxy in particular, however, are specified here:
# config web-proxy global
    set ssl-cert <server certificate>
    set ssl-ca-cert <server certificate>
    set proxy-fqdn <FQDN of FortiGate>
end
If a proxy-fqdn is defined here, the server certificate must contain the FQDN as subject and/or Subject Alternative Name.
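One way to check, before import, that a server certificate chains to its CA certificate and names the FQDN that proxy-fqdn will be set to. This is an added example, not part of the original article or any Fortinet tooling; it assumes OpenSSL 1.1.1 or later on an admin workstation, and the demo CA and proxy.example.test are constructed sample values.

```sh
#!/bin/sh
# Added example (not Fortinet code): check a certificate on an admin
# workstation before importing it for use as auth-cert / ssl-cert.
# Returns 0 only if the certificate chains to the CA, is valid for at
# least 30 more days, and names the FQDN that proxy-fqdn will be set to.
check_proxy_cert() {
    cert=$1 ca=$2 fqdn=$3 rc=0
    # 1. Must chain to the CA certificate that clients trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to $ca"; rc=1
    fi
    # 2. Must not expire within 30 days (2592000 seconds).
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
        echo "FAIL: $cert expires within 30 days"; rc=1
    fi
    # 3. Must name the FQDN. OpenSSL matches Subject Alternative Names and
    #    falls back to the subject CN only when no DNS SAN is present.
    #    The printed verdict is parsed instead of trusting the exit status.
    if ! openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null |
            grep -q 'does match certificate'; then
        echo "FAIL: $cert does not name $fqdn"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: a throwaway CA and a server certificate for
# the hypothetical FQDN proxy.example.test, written into directory $1.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=proxy.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    printf 'subjectAltName=DNS:proxy.example.test\n' > "$d/san.ext" &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -extfile "$d/san.ext" \
        -out "$d/srv.pem" 2>/dev/null
}

# Stand-alone use: sh check.sh <server-cert.pem> <ca-cert.pem> <fqdn>
if [ "$#" -eq 3 ]; then
    check_proxy_cert "$@"
fi
```

A certificate that passes still has to be trusted by the clients, so the CA certificate must be in their trust store.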