maeLove
New Contributor

Fortinet as Proxy Server

Hi everyone,

I just wanna ask if a certain Fortinet firewall can be set up as a proxy server? What particular model can you suggest?

I'm planning to set up a proxy server as a gateway to the internet. This firewall will be passing through another firewall (the setup will be behind another firewall) that is in a site-to-site setup. Thank you.

Regards

damiri
New Contributor

I believe you can set up pretty much any FortiGate as a proxy. However, keep in mind that it is impossible to track inbound and outbound connections and correlate them.

hklb
Contributor II

Hello,

maeLove wrote:
Hi everyone, I just wanna ask if a certain Fortinet firewall can be set up as a proxy server? What particular model can you suggest? I'm planning to set up a proxy server as a gateway to the internet. This firewall will be passing through another firewall (the setup will be behind another firewall) that is in a site-to-site setup. Thank you.

Yes, you can use a FortiGate as a proxy server (HTTP/S and FTP). The model depends on what you want: only web filtering, or full UTM? How many users do you have? Explicit proxy uses more resources than proxy in transparent mode. Normally, your Fortinet partner should be able to do the sizing correctly.

damiri wrote:
However, keep in mind that it is impossible to track inbound and outbound connections and correlate them.
What do you mean?

Lucas

maeLove
New Contributor

hklb wrote:

Yes, you can use a FortiGate as a proxy server (HTTP/S and FTP). The model depends on what you want: only web filtering, or full UTM? How many users do you have? Explicit proxy uses more resources than proxy in transparent mode. Normally, your Fortinet partner should be able to do the sizing correctly.

Hi,

Their need is a full UTM. They have 130-140 users on LAN (only 70-80 with internet access). What do you mean by "more resources" in explicit proxy than in transparent mode? 'Coz, probably they're planning to set up in transparent mode, behind their ISP's firewall.

Thank you.

Regards

hklb
Contributor II

maeLove wrote:

hklb wrote:

Yes, you can use a FortiGate as a proxy server (HTTP/S and FTP). The model depends on what you want: only web filtering, or full UTM? How many users do you have? Explicit proxy uses more resources than proxy in transparent mode. Normally, your Fortinet partner should be able to do the sizing correctly.

Hi,

Their need is a full UTM. They have 130-140 users on LAN (only 70-80 with internet access). What do you mean by "more resources" in explicit proxy than in transparent mode? 'Coz, probably they're planning to set up in transparent mode, behind their ISP's firewall.

Thank you.

Regards

Hi

The explicit proxy has the wad process and will consume more resources than if you configure it as a transparent proxy (transparent proxy: define a web filter profile as proxy and add it to your firewall policy).

The 100D should work.

maeLove
New Contributor

 

Hi

The explicit proxy has the wad process and will consume more resources than if you configure it as a transparent proxy (transparent proxy: define a web filter profile as proxy and add it to your firewall policy).

The 100D should work.

Thank you for the info.

Cheers

mramon79
New Contributor II

Hi,

We have 2 FortiGate 3240C balanced as proxy servers for more than 9000 users, with full UTM profiles, and all works OK, no problem. Many times one of these appliances has the proxy service down due to maintenance or testing some new configurations, and the other one handles all traffic perfectly (25% CPU / 80% mem).

Please excuse my limited English

 

Regards

 

HA
Contributor

Hello,

One of our customers replaced a Bluecoat solution (SG and AV appliances) with an FGT100D (configured in explicit proxy).

Around 90 people are connected.

UTM features enabled: AV, URL Filtering, IPS, SSL Inspection, DLP, Application Control.

Proxy Authentication (NTLM) is integrated with AD.

Reporting and visibility have been enhanced compared with the Bluecoat solution.

Regards,

HA

maeLove
New Contributor

HA wrote:

One of our customers replaced a Bluecoat solution (SG and AV appliances) with an FGT100D (configured in explicit proxy).

Around 90 people are connected.

UTM features enabled: AV, URL Filtering, IPS, SSL Inspection, DLP, Application Control.

Proxy Authentication (NTLM) is integrated with AD.

Reporting and visibility have been enhanced compared with the Bluecoat solution.

Hi,

Thank you for sharing this. Can I ask how you set up your FG-100D in your network? 'Coz our client wants to add a firewall of their own, and they also want to configure it as their proxy server. They're actually connected to their ISP's firewall, which has a site-to-site VPN configured. So, probably their firewall will be set up behind (transparent mode) their ISP's firewall. Is that possible? Their ISP can provide a public IP for their firewall. Thank you.

Regards,

Jam

damiri
New Contributor

Internal session is not connected to external session.
