Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
romain_krebs
New Contributor

Authentication with transparent web proxy

Hi all, I have tried transparent web proxy in 5.6.2 and it works when there is no authentication. I have tried implement kerberos authentication with it but it seems the rule is not matched. Is someone know if kerberos is supported with this mode ? I haven't found it in documentation. Regards,

4 REPLIES 4
leo1
New Contributor II

Hi,

Can i know what you did in your configuration? my transparent web proxy configuration is not working.

I just follow the instruction in youtube. 

 

Regards,

wluo
New Contributor

eenchev
New Contributor

Hi,

 

I am trying the same setup. It seems that transparent proxy is not working when the authentication is negotioate/kerberos.

 

Have you managed to find a solution to this?

 

Thank you in advance.

 

Cheers,

Emil

 

edit: As I read the guide more thoroughly it seems transparent proxy is working with SSO auth at the moment. This is working.

Fishbone_FTNT

Hey guys, don't know what you configured... you will probably need to activate kerberos captive portal, in config authentication settings. It cannot work (well) in transparent web proxy mode without something on the way to ask for authentication.

 

On the normal traffic,  you have redirection to portal on port http tcp/1000 or https on tcp/1003. With explicit proxy, you have authentication already on header level, and authentication is done by proxy mechanisms (ok - with exception of form-based auth, which is in fact replacement message).

 

This is transparent proxy. Transparent web proxy is in the flow perspective actually not behaving like proxy, it's transparent to the client, no proxy headers. Implementing replacements for kerberos exchange inline, in the traffic would be ugly and complex to do, so we have the captive portal for that purpose.

Just pure guess. Let me know if that was it, or share config snippets so we know where you are at with it.

My 2c.

Hth, Fishbone)(

smithproxy hacker - www.smithproxy.org

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors