We currently have an unused Fortigate device, and would like to configure it to test how our software behaves through different types of proxies. To this end, I would need to be able to configure multiple, completely separate proxies on the device.
Ideally these would be accessed on 5 different IPs, which are all on the same physical interface (which is also the outgoing interface). I've created multiple interfaces (loopback) and gave them an IP, and then enabled the explicit proxy setting. But I cannot seem to be able to create a proxy policy and specify what it applies to (the 'enabled on' section is always fixed)? If there is a way to do this, please let me know how to go about this.
You could look at creating a vdom for each of the proxies tests you want to run. Then to be able to use the same network in each vdom, take a look at enhanced mac vlan:
You can create an emac-vlan for each vdom based on the specific port:
    config system interface
        edit port1.emacvlan1
            set vdom VDOM1
            set type emac-vlan
            set interface port1
        next
        edit port1.emacvlan2
            set vdom VDOM2
            set type emac-vlan
            set interface port1
        next
        edit port1.emacvlan3
            set vdom VDOM3
            set type emac-vlan
            set interface port1
        next
    end
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/212317/enhanced-mac-vlans
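A pre-flight check for the emac-vlan block suggested above, as an added example that is not part of the original posts or Fortinet's tooling: it parses the `edit`/`set` entries and reports names split by a stray space or two emac-vlans landing in the same VDOM. The function names and the sample config are constructed for illustration, and the one-emac-vlan-per-VDOM rule is an assumption taken from the goal of fully separate proxies.

```python
def parse_edit_entries(text):
    """Split a FortiOS 'config ... end' block into its 'edit' entries."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            current = {"name": line[5:].strip(), "settings": {}}
            entries.append(current)
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)          # set <key> <value>
            if len(parts) == 3:
                current["settings"][parts[1]] = parts[2]
    return entries

def lint_emac_vlans(text):
    """Assumption: each test VDOM should own exactly one emac-vlan."""
    problems, vdom_owner = [], {}
    for entry in parse_edit_entries(text):
        name, cfg = entry["name"], entry["settings"]
        if cfg.get("type") != "emac-vlan":
            continue
        quoted = len(name) > 1 and name[0] == name[-1] == '"'
        if not quoted and len(name.split()) > 1:
            problems.append(f"{name}: unquoted name contains whitespace")
        for key in ("vdom", "interface"):
            if key not in cfg:
                problems.append(f"{name}: missing 'set {key}'")
        vdom = cfg.get("vdom")
        if vdom in vdom_owner:
            problems.append(f"{name}: {vdom} already holds {vdom_owner[vdom]}")
        elif vdom:
            vdom_owner[vdom] = name
    return problems

# Constructed sample: the second entry has a space in its name and reuses VDOM1.
SAMPLE = """\
config system interface
    edit port1.emacvlan1
        set vdom VDOM1
        set type emac-vlan
        set interface port1
    next
    edit port 1.emacvlan2
        set vdom VDOM1
        set type emac-vlan
        set interface port1
    next
end
"""
```

Calling `lint_emac_vlans(SAMPLE)` returns one message per problem; an empty list means the block matches the layout the answer describes.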
Looking at the CLI reference, it seems there's a command that should allow you to determine the source interface on a proxy policy; however, this command isn't accepted on my device. Are VDOMs really the only way to go about this?
config srcintf
CLI Reference | FortiGate / FortiOS 6.0.0 | Fortinet Documentation Library
The srcintf is only an option when the proxy type is set to transparent-web instead of explicit-web.
Ensure that your software can connect to the specified IP addresses corresponding to the various loopback interfaces. Carefully configure loopback interfaces, proxy policies, and NAT. Buy proxies will not be a problem for you this year. Check routing and make sure the Fortigate unit is configured to handle traffic from these loopback interfaces. If necessary, consider firewall policies to allow traffic between loopback interfaces.
Copyright 2024 Fortinet, Inc. All Rights Reserved.