Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
spyke62
New Contributor

Explicit web proxy - advantages ?

Hi,

 

I use fortios 5.2 / 5.4 

 

I only use transparent proxy and manage rules (server, nat, users access) via the menu "Policy -> IPV4" 

 

I know when you activate explicite proxy, a new menu is available to use access via fortgate explicite proxy.

You need to configure web browser firewall  with IP and port. 

 

But what is the advantages of using the explicit proxy rather than transparent proxy ? 

 

Thank you, 

Spyke 

 

4 REPLIES 4
ipns
New Contributor III

Hi,

 

In my opinion it's better to use the proxy rather than the explicit proxy. Some applications have some issues with explicit proxy and will not use it. So for a more complete picture, you use normal proxy.

When you have a company which devides the network management and system management to different departments, it may be handy to let the proxy settings be managed by the system management. Then u can choose to use explicit proxy so system management can alter the settings by using GPO's.

But in the end, when you have the choice, don't use explicit proxy.

Kind Regards, 

IPNS

Kind Regards, IPNS
Wurstsalat
New Contributor III

On fortios 5.2/5.4 you cant use web authentication...with 5.6 you have this ability. The ip based authentication method was for me never really realiable...so if you want authentication which is a bit reliable, go for explicit or fortios 5.6 (would not recommend at the Moment)

If you want something like forms based auth (for whatever reason, disclaimer or what else), go for explicit

if you want to control your web traffic, you want ssl deep inspection, you go better with explicit

 

 

emnoc
Esteemed Contributor III

Advantages ( explicit )

 

You can enforce user proxy  via groups

controls  id-polices  ( identity )

You have more controls over what SSL or now I guess TLS ciphers that are in used

header insertions

You can craft numerous  explicit proxy that  indirectly have different profiles

 

e.g in a schoold

 

 explicitproxy 01 ---Police, resource Officers, Faculty

 explicitproxy 02 -- students K-4

 explicitproxy 03 -- students 5-8

 explicitproxy 04 -- students 9-12

 explicitproxy 05 -- guest

 

Each could have it owns authentication methods

 

e.g

 

Proxy 01  local

Proxy 02  LDAP elem.example.edu

Proxy 03  LDAP middle.example.edu

Proxy 04  LDAP high.example.edu

 

 

 

Dis-advanatge, you need a hard configuration or some type of PAC or AUTO-discovery

 

 

Adv/Dis-advantage of explicit are the reverse in transparent.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
MikePruett
Valued Contributor

I have a client for a school that uses explicit proxy for interior and exterior users. Loves it and swears by it. Does what was mentioned previously and gives each group their own policy.

 

Disperses via PAC file

Mike Pruett Fortinet GURU | Fortinet Training Videos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors