Creating multiple separate proxies
We currently have an unused Fortigate device, and would like to configure it to test how our software behaves through different types of proxies. To this end, I would need to be able to configure multiple, completely separate proxies on the device.
- 1 without authentication
- 1 with (anonymous) authentication
- 1 with Kerberos authentication
- 1 that allows only HTTP/2
- 1 that doesn't allow HTTP/2
Ideally these would be accessed on 5 different IPs, which are all on the same physical interface (which is also the outgoing interface). I've created multiple interfaces (loopback) and gave them an IP, and then enabled the explicit proxy setting. But I cannot seem to be able to create a proxy policy and specify what it applies to (the 'enabled on' section is always fixed)? If there is a way to do this, please let me know how to go about this.
You could look at creating a vdom for each of the proxy tests you want to run. Then, to be able to use the same network in each vdom, take a look at enhanced mac vlan:
You can create an emac-vlan for each vdom based on the specific port:
```
config system interface
    edit port1.emacvlan1
        set vdom VDOM1
        set type emac-vlan
        set interface port1
    next
    edit port1.emacvlan2
        set vdom VDOM2
        set type emac-vlan
        set interface port1
    next
    edit port1.emacvlan3
        set vdom VDOM3
        set type emac-vlan
        set interface port1
    next
end
```
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/212317/enhanced-mac-vlans
Looking at the CLI reference, it seems there's a command that should allow you to determine the source interface on a proxy policy; however, this command isn't accepted on my device. Are vdoms really the only way to go about this?
config srcintf
CLI Reference | FortiGate / FortiOS 6.0.0 | Fortinet Documentation Library
The srcintf is only an option when the proxy type is set to transparent-web instead of explicit-web.
Ensure that your software can connect to the specified IP addresses corresponding to the various loopback interfaces. Carefully configure loopback interfaces, proxy policies, and NAT. Buy proxies will not be a problem for you this year. Check routing and make sure the Fortigate unit is configured to handle traffic from these loopback interfaces. If necessary, consider firewall policies to allow traffic between loopback interfaces.
