Hi Fortigaters,
I have a explicit web proxy defined in Transparent mode VDOM (Fortigate v5.0).
Firewall policy for explicit web proxy requires destination port ("service") be set to "webproxy", so, how can I provision a Firewall policy to deny connection via the proxy to a specific destination port (as specified within Request URI and HTTP HOST header of the HTTP Connect request method message originated by client)?
R's, Alex
Hi, Alex:
According my experience, you can create a new webproxy service in which only allowed port is set. For example:
config firewall service custom edit "webproxy_1" set explicit-proxy enable set category "Web Proxy" set protocol ALL set tcp-portrange 1-80 next end
Then enable above webproxy service in your policy.
Best Regards
Robert Diao
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.