Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NicholeKaligian
New Contributor

HTTP/2 support on a proxy

Hi,

 

I'm using a Fortigate device to configure a proxy in our network that will be used to test our software. This particular proxy needs to support HTTP/2 traffic. Its role is only to be a proxy for this traffic, no security policies or firewalling needs to be done on this traffic. 

 

Looking at the Fortigate documentation, I find some info on what Fortigate can do with this traffic, when using a reversed or 'true transparent' proxy. 

  • From what I understand, a transparent proxy requires the device to be the default gateway? This device is just sitting in the test lab, it currently isn't setup as a gateway (or anything else). 
  • This suggests that the explicit web proxy can't handle HTTP/2 traffic?
4 REPLIES 4
Sheikh
Staff
Staff

Hi NicholeKaligian,

 

I was checking internally and found that as per Admin guide, HTTP/2 in FortiOS Proxy mode is supported. I found some articles and that might help you.

 

https://docs.fortinet.com/document/fortiweb/7.0.1/administration-guide/36824/http-2-support

 

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/710924/http-2-support-in-proxy-mode-...

 

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiOS-unencrypted-encrypted-HTTP-2-suppo...

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
NicholeKaligian

Hi Sheikh,

 

Thank you for your reply.

 

Those are indeed the articles that I had found so far, but that doesn't provide any information on the explicit web proxy specifically. The documentation only mentions reverser proxy and transparent proxy. 

Sheikh

Hi NicholeKaligian,

 

I further checked internally and found these documents of "Supported RFCs"

 

FortiOS 7.0

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/3ccd389a-e341-11eb-97f7-005056...

 

Added RFC 1928 to Other protocols on page 15.
Supported when explicit proxy is implemented.


https://www.rfc-editor.org/rfc/rfc7540

 

FortiOS 6.2

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/22795caa-468c-11e9-94bf-005056...

RFC 7540: Hypertext Transfer Protocol Version 2 (HTTP/2) added.
Only flow mode is supported; proxy mode is not yet supported.

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
NicholeKaligian

Thank you for that. Do you know of any way to track/confirm which protocol is being used? Either on the device itself or externally?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors