Hi all
I can't wrap my head around this features. I might be misunderstanding everything.
In the Explicit Proxy feature of the Fortigate there is a parameter called "Default Firewall Policy Action" which can be set to "Accept" or "Deny".
However, I don't understand what a) it actually does, b) what it does when its on accept or on deny and c) what is being influenced by this setting.
Does anyone have any insights for me?
Side note:
In the official documentation (https://docs.fortinet.com/document/fortigate/6.4.0/best-practices/997260/explicit-proxy) it says that "Set the explicit web proxy and explicit FTP proxy Default Firewall Policy Action to Deny. This means that a firewall policy is required to use these explicit proxies, allowing you to control access and impose security features".
Thanks a lot for your help
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @scheuri,
A small correction to this. If you set Default Firewall Policy Action to Deny, The implicit Proxy Policy will be 'Deny'. If you set Default Firewall Policy Action to Accept, The implicit Proxy Policy will be 'Accept'. Below is an example of Default Firewall Policy Action set to Accept under 'Explicit Web Proxy'.
Regards,
Hi @scheuri,
A small correction to this. If you set Default Firewall Policy Action to Deny, The implicit Proxy Policy will be 'Deny'. If you set Default Firewall Policy Action to Accept, The implicit Proxy Policy will be 'Accept'. Below is an example of Default Firewall Policy Action set to Accept under 'Explicit Web Proxy'.
Regards,
Thank you very much for your reply and your explanation.
That makes (partial) sense - unfortunately the name "implicit deny" in the proxy policies confused me.
It isn't an implicit deny after all - as you can switch its behaviour to a implicit accept with the aforementioned parameter.
Thanks again for your explanation - much appreciated
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.