sandtor
New Contributor

FortiPAM Proxy issue with media servers

We have recently started using FortiPAM 1.5 and are experiencing some challenges.

We have a SCADA system for video, which is based on MediaMTX with three video servers.
The issue is that when I create a "web account" target with the associated secret, I am able to log in to the SCADA website itself.
However, the video is opened directly from my PC to the video servers. This traffic needs to go through the proxy, just like the SCADA website.

I have tested various things, including adding the IP addresses of the video servers to the Domain list IP mask list on the target.
This has not helped. FortiPAM does have access to all the video servers over the local network.

What needs to be done to make this work? 

Jean-Philippe_P
Moderator

Hello sandtor,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello!

I found this solution. Can you tell me if it helps, please?

To ensure that the video traffic is routed through the proxy, similar to the SCADA website, follow these steps:

  1. Verify Web Proxy Configuration: Ensure that the web proxy feature is enabled globally on the interface handling incoming and outgoing traffic. Use the CLI commands:

     ```shell
     config system interface
         edit "port1"
             set explicit-web-proxy enable
         next
     end
     ```

  2. Configure the Secret Target:
    - When creating the secret target, ensure that the `Web Proxy` option is enabled in the `Advanced Web Setting` pane.
    - Add the IP addresses of the video servers to the `FQDN List` instead of the `IP Mask List`. This ensures that the domain names are resolved and routed through the proxy.

  3. Access Mode: Ensure that the `Access Mode` is set to `Proxy` for the domain list.

  4. Firewall and Proxy Configuration: Check the firewall and proxy settings to ensure that the traffic from the video servers is allowed and properly routed through the proxy.

  5. Test and Validate: After making these changes, test the configuration to ensure that the video traffic is now being routed through the proxy.

If the issue persists, further investigation into the network configuration and proxy settings may be required.

Jean-Philippe - Fortinet Community Team
sandtor
New Contributor

Hi

Thanks for the description on how to do this. As you can see below, I have changed from IP to FQDN. FortiPAM can ping using the FQDN. In the policy I have changed the allowed services to ALL. But as you can see in the last image, the video traffic is still going from the client IP and is not proxied through FortiPAM.

10.161.0.55 is the client IP that I'm using to log in to FortiPAM.

10.160.16.53 is one of the video servers.

Screenshot 2025-07-01 095347.png

Screenshot 2025-07-01 095257.png

Screenshot 2025-07-01 100419.png
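
One way to run the check from the post above over exported flow records, added here as an example and not part of the thread or Fortinet's tooling: it flags any session that reaches a video server from a source other than FortiPAM. The FortiPAM address (192.0.2.10), the key=value record format and the sample lines are assumptions constructed for illustration; 10.161.0.55 and 10.160.16.53 are the addresses quoted in the thread.

```python
from collections import Counter

FORTIPAM_IP = "192.0.2.10"        # placeholder (documentation range), not from the thread
VIDEO_SERVERS = {"10.160.16.53"}  # video server address quoted in the thread

# Constructed sample records in an assumed key=value format; adapt the parser
# to whatever your firewall or flow collector actually exports.
SAMPLE_FLOWS = """\
time=09:53:41 src=192.0.2.10 dst=10.160.16.53 dport=443 proto=tcp
time=09:53:47 src=10.161.0.55 dst=10.160.16.53 dport=8889 proto=tcp
time=09:53:48 src=10.161.0.55 dst=10.160.16.53 dport=8889 proto=udp
time=09:54:02 src=10.161.0.55 dst=192.0.2.10 dport=443 proto=tcp
this line is malformed and is skipped
"""

def parse_flow(line):
    """Return a dict of key=value fields, or None if the record is unusable."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    if not {"src", "dst", "dport", "proto"} <= fields.keys():
        return None
    if not fields["dport"].isdigit():
        return None
    return fields

def classify(flows_text, pam_ip=FORTIPAM_IP, servers=VIDEO_SERVERS):
    """Split flows that reach a video server into proxied and direct (bypass)."""
    proxied, direct = Counter(), Counter()
    for line in flows_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["dst"] not in servers:
            continue  # malformed, or not traffic towards a video server
        key = (flow["src"], flow["dst"], flow["proto"], int(flow["dport"]))
        # Only sessions sourced from FortiPAM itself count as proxied.
        (proxied if flow["src"] == pam_ip else direct)[key] += 1
    return proxied, direct

if __name__ == "__main__":
    proxied, direct = classify(SAMPLE_FLOWS)
    for (src, dst, proto, dport), n in sorted(direct.items()):
        print(f"BYPASS  {src} -> {dst} {proto}/{dport} ({n} flows)")
    for (src, dst, proto, dport), n in sorted(proxied.items()):
        print(f"proxied {src} -> {dst} {proto}/{dport} ({n} flows)")
```

Once the proxy path works, the bypass list should be empty, and a policy that only admits FortiPAM as a source towards the video servers keeps it that way.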
