Have a pair of 601E FortiGate units in a remote location. Connected to a cloud environment via S2S VPN. Among other things, I need to be able to send the FortiGate logs up to the cloud, and don't want to lose them if the S2S goes down for any reason. Found the documentation to send logs via a proxy. Would like to use the extra GE ports on the unit to directly connect a physical proxy server. Looked through the documentation and it's not entirely clear what I need to do on the FG.
Would think the port would need a VLAN identifier, but non-tagged.
Seems simple, but after wading through the various posts, it seems unclear. Perhaps I just need to read the right doc.
The other related question: Is it possible to connect a "host" machine with two network interfaces to both units when the FGs are configured as Active/Passive?
If you want to directly connect it to a physical proxy server using the extra GE (Gigabit Ethernet) ports on the FortiGate unit, here is how you can achieve this:
-- Use an Ethernet cable to connect one of the free GE ports on the FortiGate to the network port on your proxy server.
-- In the GE interface on FortiGate, assign an IP address and subnet mask to this interface (for example, 192.168.2.1/24 if you are setting up a new subnet). Set role to "LAN" and give administrative access as per your preference. Also make sure to set the interface to "UP".
-- Assign an IP address to your proxy server that falls within the subnet you've designated for the FortiGate interface (e.g., 192.168.2.2). Set the gateway for the proxy server as the IP address of the FortiGate's GE interface (in our example, 192.168.2.1). If you're using the proxy for web traffic, configure your necessary proxy settings, like port (e.g., 8080 for a typical web proxy).
-- For the proxy server to access the internet, you need to configure a policy. Create a new policy and set the incoming interface as the GE port you've connected to the proxy server. Set the outgoing interface as your WAN interface. Set Source as ALL, or specify the IP address of your proxy server. Set Destination as ALL, or whatever specific destinations you want. Set Service as ALL or specific services like HTTP, HTTPS, etc. Make sure the Action is set to Accept. Enable NAT.
-- From your proxy server, try accessing the internet. Ensure that web traffic flows through the FortiGate as expected.
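The steps in the answer above, written as FortiOS CLI with the narrower of the options it offers (source limited to the proxy host, a short service list, ping-only administrative access). This is an added example, not part of the original reply; the port names `port5` and `wan1`, the object and policy names, and the HTTPS/DNS service choice are assumptions to adjust to your unit and to what the proxy actually forwards. Lines starting with `#` are annotations.

```fortios
# Added example. Assumed names: port5 (free GE port), wan1 (WAN interface),
# "proxy-host" and "proxy-to-wan" (hypothetical object and policy names).

# Dedicated interface for the directly attached proxy server
config system interface
    edit "port5"
        set alias "proxy-link"
        set mode static
        set ip 192.168.2.1 255.255.255.0
        set role lan
        # Keep management services off this link; ping is enough for link tests
        set allowaccess ping
        set status up
    next
end

# Address object for the single proxy host (192.168.2.2 from the answer)
config firewall address
    edit "proxy-host"
        set subnet 192.168.2.2 255.255.255.255
    next
end

# Outbound policy: only the proxy host, only the services it needs (assumed here)
config firewall policy
    edit 0
        set name "proxy-to-wan"
        set srcintf "port5"
        set dstintf "wan1"
        set srcaddr "proxy-host"
        set dstaddr "all"
        set schedule "always"
        set service "HTTPS" "DNS"
        set action accept
        set nat enable
        # Log every session so the proxy's outbound traffic can be audited
        set logtraffic all
    next
end
```

To confirm the last step from the FortiGate side, `diagnose sniffer packet port5 'host 192.168.2.2' 4` shows whether the proxy's traffic is arriving on the interface.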
Thanks. That was basically what I'm looking for.
Copyright 2025 Fortinet, Inc. All Rights Reserved.