Hi,
I use FortiOS 5.2 / 5.4.
I only use transparent proxy and manage rules (server, NAT, user access) via the menu "Policy -> IPV4".
I know that when you activate explicit proxy, a new menu becomes available to use access via the FortiGate explicit proxy.
You need to configure the web browser with the firewall IP and port.
But what are the advantages of using the explicit proxy rather than the transparent proxy?
Thank you,
Spyke
Hi,
In my opinion it's better to use the proxy rather than the explicit proxy. Some applications have some issues with explicit proxy and will not use it. So for a more complete picture, you use normal proxy.
When you have a company which divides the network management and system management between different departments, it may be handy to let the proxy settings be managed by system management. Then you can choose to use explicit proxy so system management can alter the settings by using GPOs.
But in the end, when you have the choice, don't use explicit proxy.
Kind Regards,
IPNS
On FortiOS 5.2/5.4 you can't use web authentication... with 5.6 you have this ability. The IP-based authentication method was never really reliable for me... so if you want authentication which is a bit reliable, go for explicit or FortiOS 5.6 (would not recommend at the moment).
If you want something like forms-based auth (for whatever reason, disclaimer or what else), go for explicit.
If you want to control your web traffic, you want SSL deep inspection, you are better off with explicit.
Advantages (explicit)
You can enforce user proxy via groups
Controls ID policies (identity)
You have more control over which SSL, or now I guess TLS, ciphers are in use
Header insertions
You can craft numerous explicit proxies that indirectly have different profiles
e.g. in a school
explicitproxy 01 -- Police, resource Officers, Faculty
explicitproxy 02 -- students K-4
explicitproxy 03 -- students 5-8
explicitproxy 04 -- students 9-12
explicitproxy 05 -- guest
Each could have its own authentication methods
e.g.
Proxy 01 local
Proxy 02 LDAP elem.example.edu
Proxy 03 LDAP middle.example.edu
Proxy 04 LDAP high.example.edu
Disadvantage: you need a hard configuration or some type of PAC or auto-discovery
The advantages/disadvantages of explicit are the reverse in transparent.
PCNSE
NSE
StrongSwan
I have a client for a school that uses explicit proxy for interior and exterior users. Loves it and swears by it. Does what was mentioned previously and gives each group their own policy.
Disperses via PAC file
Mike Pruett
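The per-group explicit proxies and PAC distribution described in the replies above can be combined in one PAC file. The following is an added example, not configuration from any poster or from Fortinet. It assumes each group sits on its own subnet; the subnets, proxy hostnames, port 8080 and the intranet domain are constructed placeholders.

```javascript
// Added example. Subnets, proxy hostnames and port 8080 are constructed
// placeholders; the group split follows the school example in the thread.
var GROUP_PROXIES = [
  { cidr: "10.10.1.0/24", proxy: "proxy01.example.edu:8080" }, // police, resource officers, faculty
  { cidr: "10.10.2.0/24", proxy: "proxy02.example.edu:8080" }, // students K-4
  { cidr: "10.10.3.0/24", proxy: "proxy03.example.edu:8080" }, // students 5-8
  { cidr: "10.10.4.0/24", proxy: "proxy04.example.edu:8080" }  // students 9-12
];
var GUEST_PROXY = "proxy05.example.edu:8080"; // anything not matched above
var LOCAL_DOMAIN = "example.edu";             // assumed intranet domain

// Dotted-quad string to integer, or null if it is not a valid IPv4 address.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i]) || Number(parts[i]) > 255) return null;
    n = n * 256 + Number(parts[i]);
  }
  return n;
}
function inCidr(ip, cidr) {
  var pieces = cidr.split("/");
  var addr = ipToInt(ip), base = ipToInt(pieces[0]);
  if (addr === null || base === null) return false;
  var size = Math.pow(2, 32 - Number(pieces[1]));
  return Math.floor(addr / size) === Math.floor(base / size);
}
function isLocalHost(host) {
  var suffix = "." + LOCAL_DOMAIN;
  return host.indexOf(".") === -1 || host === LOCAL_DOMAIN ||
    host.slice(-suffix.length) === suffix;
}

// Pure decision function so it can be tested outside a browser.
function pickProxy(clientIp, host) {
  if (isLocalHost(host)) return "DIRECT";
  for (var i = 0; i < GROUP_PROXIES.length; i++) {
    if (inCidr(clientIp, GROUP_PROXIES[i].cidr)) return "PROXY " + GROUP_PROXIES[i].proxy;
  }
  // No "; DIRECT" fallback: unknown clients get the guest proxy, not a bypass.
  return "PROXY " + GUEST_PROXY;
}

// Entry point the browser calls; myIpAddress() is supplied by the PAC runtime.
function FindProxyForURL(url, host) {
  return pickProxy(myIpAddress(), host);
}
```

A PAC file only steers clients that honour it, so the firewall policy still has to deny direct outbound web traffic for the proxy choice to be enforced. `myIpAddress()` can return an unexpected address on multihomed hosts, which is why unmatched clients land on the most restrictive (guest) proxy here.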