Hi all, I have tried transparent web proxy in 5.6.2 and it works when there is no authentication. I have tried implement kerberos authentication with it but it seems the rule is not matched. Is someone know if kerberos is supported with this mode ? I haven't found it in documentation. Regards,
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
Can i know what you did in your configuration? my transparent web proxy configuration is not working.
I just follow the instruction in youtube.
Regards,
You can find document for FortiOS 5.6 at http://docs.fortinet.com/uploaded/files/3987/fortios_firewall-56.pdf Page 338.
Hi,
I am trying the same setup. It seems that transparent proxy is not working when the authentication is negotioate/kerberos.
Have you managed to find a solution to this?
Thank you in advance.
Cheers,
Emil
edit: As I read the guide more thoroughly it seems transparent proxy is working with SSO auth at the moment. This is working.
Hey guys, don't know what you configured... you will probably need to activate kerberos captive portal, in config authentication settings. It cannot work (well) in transparent web proxy mode without something on the way to ask for authentication.
On the normal traffic, you have redirection to portal on port http tcp/1000 or https on tcp/1003. With explicit proxy, you have authentication already on header level, and authentication is done by proxy mechanisms (ok - with exception of form-based auth, which is in fact replacement message).
This is transparent proxy. Transparent web proxy is in the flow perspective actually not behaving like proxy, it's transparent to the client, no proxy headers. Implementing replacements for kerberos exchange inline, in the traffic would be ugly and complex to do, so we have the captive portal for that purpose.
Just pure guess. Let me know if that was it, or share config snippets so we know where you are at with it.
My 2c.
Hth, Fishbone)(
smithproxy hacker - www.smithproxy.org
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.