60F Explicit Proxy - Source Interface

Dan_Eng52 · ‎07-07-2023

Hi all,

I have FortiGate 60F running version 7.4.0 and have an Explicit Proxy setup. As you can see in the interface CLI output I have the set explicit-web-proxy enabled option configured on the interface however, when I try to create my policy in the Explicit Policy it shows that it isn't enabled on any interfaces.

I haven't come across this issue before, typically enabling this in the GUI causes the interface to be displayed in the policy. Is this because I have an aggregate interface setup and that is causing an issue, has anyone come across this issue before and have any ideas as to what I can do for the interface to appear in the policy?

Thanks,
Dan.

Anthony_E · ‎07-09-2023

Hello Dan,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

knagaraju · ‎07-09-2023

Hello Dan_Eng52,

May I know if you are unable to configure a proxy policy with aggregate interface ?
May I know if you have enabled explicit proxy under Network>>explicit proxy>>Listen on Interfaces as aggregate ?

Regards
Nagaraju.

Dan_Eng52 · ‎07-10-2023

Hi Knagaraju,

Thanks for your response.

I can confirm that I have my aggregate interface set in the Listen on Interfaces section within the Explicit proxy settings. I've tried this with another interface also and no matter which one I use it seems that the interface is never displayed in the policy so cannot select the interface.

Regards,

Dan.

Dan_Eng52 · ‎07-11-2023

Hi Knagaraju,

Still no joy, tried rebooting the firewall as well as disabling/enabling port and features i.e. explicit proxy feature, explicit proxy on interface level etc. I just don't understand why when I enable explicit proxy on the interface and try to create a proxy policy the interface I have enabled it on doesn't appear it just says none per snippet below despite being enabled on interface and listening on interface in Explicit Proxy settings.

Thanks,
Dan.

Debbie_FTNT · ‎07-11-2023

Hey Dan - I did a quick test on a lab FortiGate 7.2.5 I still had left over, created an aggregate interface, enabled explicit proxy, and created an explicit proxy policy. I also see 'None' listed in the source interfaces in the proxy policy, but I could successfully create one. I haven't got around to actually testing traffic yet, but I didn't get any errors anywhere along the way.
I'm inclined to say this is merely a GUI issue (maybe it cannot display aggregate interfaces in proxy-policies?) - it might be worth configuring a policy and testing if traffic is allowed, even if the interface display in policy says 'None'?

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

srajeswaran · ‎07-11-2023

Our engineering team is aware about this issue and the fix is available on upcoming releases 7.2.6 and 7.4.1

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Dan_Eng52 · ‎07-11-2023

Hi Srajeswaran,

That's great, thank you for you response.

Do you have any idea on timeframe in regards to the upcoming release or are aware of a release I can use to get this up and running?

Regards,

Dan.

srajeswaran · ‎07-11-2023

7.4.1 is expected next month. Also, as Debbie mentioned, ideally this should not affect the actual traffic as it is kind of GUI/Display issue.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.