Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
info2
New Contributor

Created on ‎08-28-2019 09:30 PM

How route 1 vlans internet traffic through a proxy on another vlan?

Could someone, as if they were speaking to a child, explain the steps and infrastructure I would need to accomplish this:

I have a Fortigate 60e firewall.

 

I have been tasked with setting up a network with 4 VLANs with different subnets. VLAN1 contains a proxy server and there is to be no internet access except through this proxy for both VLAN1 AND VLAN2. VLAN 3 and 4 I can control normally with the 60e policies. 

So far I am thinking, create 4 vlans in the 60e.

Vlan 3 and 4 are fine to deal with normally.

Now I just don't understand networking enough to know what to do from here.

How do I set up a proxy on VLAN 1 (squid?) and then how do I get traffic from vlan2's subnet going over to vlan1's subnet and going through the proxy? How does that work?

Gateways, switches, broadcast domains, multiple subnets???

 

Could someone please give me a little guidance here?

 

I feel out of my depth here so thanks for any help guys :)

 

Jono

4765
0 Kudos
4 REPLIES 4
orani
Contributor II

Created on ‎08-28-2019 09:41 PM

Lets assum that you are talking for L2 vlans. Then you have to set your vlan 2 machines using your proxy at some port. Then you have to configure a policy at your firewall from vlan 2 to vlan 1 accepting the traffic for your proxy port. Also configure a policy for proxy from vlan 1 accepting internet traffic. I think that would be fine.

Orestis Nikolaidis

Network Engineer/IT Administrator

Orestis Nikolaidis Network Engineer/IT Administrator
3375
0 Kudos
smari
New Contributor
In response to orani

Created on ‎08-29-2019 01:59 AM

If you are only talking about web traffic, look into explicit web proxy :

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-WAN-opt-54/web_proxy.htm#Example_exp...

If you are terminating the L2 vlans on the Fortigate this shouldn't be a problem.

Web proxy is configured in the browser in most cases , like in Firefox :

Preferences -> Network Settings -> Manual proxy configuration

NSE7, FMG, FAC, FAZ .

1500D's, 1200D's, 900D's, 300D's, 200D's, 100D's and bunch of small stuff.

 

NSE7, FMG, FAC, FAZ . 1500D's, 1200D's, 900D's, 300D's, 200D's, 100D's and bunch of small stuff.
3375
0 Kudos
info2
New Contributor
In response to smari

Created on ‎08-30-2019 03:04 AM

Guys thanks so much for the help... I am trying to implement now. Will let you know how it goes!

 

3375
0 Kudos
info2
New Contributor
In response to info2

Created on ‎09-17-2019 01:55 PM

Just to follow up, this worked great. Fortigates are awesome!

3375
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.