Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rocampo
New Contributor

Forticache explicit proxy.

Hi,

 

Anyone has a procedure to configure Forticache

as an explicit proxy?

 

1 Solution
Carl_Windsor_FTNT

**I recommend that you use the new Fortinet Community Portal - FUSE going forwards**

 

First port of call is the FortiCache Admin Guide but in summary the minimum configuration to get up and running is:

[ul]
  • Ensure the FortiCache is set up with the basic networking (interface IPs, Static Route, DNS)[ul]
  • If this is a VM, ensure your data disks are mounted, formatted and assigned to the cache process[/ul]
  • Enable Explicit Proxy on the client facing FCH interface under Firewall Objects > Explicit Proxy > Explicit
  • Configure a Firewall Policy between the Explicit Interface and the Internet.  Test that this works first, then enable caching (as shown in this screenshot).[ul]
  • To test, change your browser setting to point at the FAC IP on port 8080 if you use the defaults in Firewall Objects > Explicit Proxy > Explicit[/ul][/ul]

    There are other setting which you can look at changing once you have the basics set up e.g. PAC files, alternate ports, FTP over HTTP but get the basics working first, then move on.

     

  • Dr. Carl Windsor Field Chief Technology Officer Fortinet

    View solution in original post

    6 REPLIES 6
    Carl_Windsor_FTNT

    **I recommend that you use the new Fortinet Community Portal - FUSE going forwards**

     

    First port of call is the FortiCache Admin Guide but in summary the minimum configuration to get up and running is:

    [ul]
  • Ensure the FortiCache is set up with the basic networking (interface IPs, Static Route, DNS)[ul]
  • If this is a VM, ensure your data disks are mounted, formatted and assigned to the cache process[/ul]
  • Enable Explicit Proxy on the client facing FCH interface under Firewall Objects > Explicit Proxy > Explicit
  • Configure a Firewall Policy between the Explicit Interface and the Internet.  Test that this works first, then enable caching (as shown in this screenshot).[ul]
  • To test, change your browser setting to point at the FAC IP on port 8080 if you use the defaults in Firewall Objects > Explicit Proxy > Explicit[/ul][/ul]

    There are other setting which you can look at changing once you have the basics set up e.g. PAC files, alternate ports, FTP over HTTP but get the basics working first, then move on.

     

  • Dr. Carl Windsor Field Chief Technology Officer Fortinet

    rocampo

    Got this to work earlier.

    I posted on this forum since when default port (8080) was used, the browser was

    getting "connection refused" errors - I thought I was missing something.

    Only when I changed the default port did it work.

    I'm surprised the Admin Guide does not have a procedure on this.

    Although, I've noticed, video traffic running on HTTPS is not being cached for some reason.

    This is actually just a side step, to a more complicated setup which involves the Forticache being

    integrated with a FG1000D via WCCP. HTTP caching is working on that setup but HTTPS is not working.

    I wanted to try the Explicit Proxy setup just to make sure HTTPS proxy can work.

    I've got a ticket opened for the "WCCP-HTTPS" problem, still waiting for an Engineer to take ownership.

    Thank you for the reply, your answer leads to a solution.

     

     

    Carl Windsor wrote:

    **I recommend that you use the new Fortinet Community Portal - FUSE going forwards**

     

    First port of call is the FortiCache Admin Guide but in summary the minimum configuration to get up and running is:

    [ul]
  • Ensure the FortiCache is set up with the basic networking (interface IPs, Static Route, DNS)[ul]
  • If this is a VM, ensure your data disks are mounted, formatted and assigned to the cache process[/ul]
  • Enable Explicit Proxy on the client facing FCH interface under Firewall Objects > Explicit Proxy > Explicit
  • Configure a Firewall Policy between the Explicit Interface and the Internet.  Test that this works first, then enable caching (as shown in this screenshot).[ul]
  • To test, change your browser setting to point at the FAC IP on port 8080 if you use the defaults in Firewall Objects > Explicit Proxy > Explicit[/ul][/ul]

    There are other setting which you can look at changing once you have the basics set up e.g. PAC files, alternate ports, FTP over HTTP but get the basics working first, then move on.

     

  • Carl_Windsor_FTNT

    rocampo wrote:

    Although, I've noticed, video traffic running on HTTPS is not being cached for some reason.

     

    I am assuming you have enabled HTTPS Inspection on the firewall policy.  If so, add the following command to the firewall policy (CLI only). 

     

    config firewall policy    edit 1        set srcintf "Explicit_Proxy"        set dstintf "port1"        set srcaddr "all"        set dstaddr "all"        set action accept        set schedule "always"        set service "webproxy"        set utm-status enable        set logtraffic all        set logtraffic-start enable        set log-http-transaction enable        set webcache enable        set webcache-https any            <------ Required to cache video content        set profile-protocol-options "default"        set deep-inspection-options "default"   next end

    Dr. Carl Windsor Field Chief Technology Officer Fortinet

    rocampo

     

    That one I missed. :)

    rocampo

    Btw, these 2 commands:

     

     set profile-protocol-options "default"   set deep-inspection-options "default"

    Are not available for Explicit Proxy ---> Internet Facing Interface, Firewall Policy.

     

     

    ashley_beeharry

    Hello, Has there been any solution to got this work. Had the same issue and only HTTP is being cached.

     

    Any idea on how to cache HTTPS?

     

    Support also not helping a lot on this issue.

     

    Regards, Ashley

    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors