Benefits of using proxy policies vs firewall policies?
Currently we are using a FortiGate with explicit proxy in our environment because we have always used a proxy in the past to control which users get access to the internet and which do not. The same FortiGate is also the main firewall and default gateway. On the proxy policies, we use the following security features:
- SSL Deep Inspection
- Web Filter
- Application Control
- File Filter
The clients get the proxy information via PAC file. However, the proxy address is the same as our default gateway, which means internet connection could be established over normal IPv4 firewall policies as well. From time to time, there are problems with websites or applications that do not go over the proxy correctly. Either there is a problem with authentication (407 Authentication Required) or the websites simply break as soon as any security profile is applied (i.e. the browser returns err_empty_response).
That makes me wonder, aside from the user authentication part, are there any benefits of using a proxy in our environment? As far as I can tell, I can also apply SSL Deep Inspection and all the other security profiles (Antivirus etc...) to a normal IPv4 policy, can I not?
As mentioned by @metz_FTNT earlier, in Proxy authentication you can set methods in "Authentication schemes" like Basic, Certificate based, Digest, Form Based, FSSO, NTLM, SAML, Radius Single Sign-on, etc.
You can also configure a Keytab file to get Kerberos authentication which is available with "Negotiate" method.