Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

How to enable user auth for Explicit Web Proxy in 5.6?

How do we go about enabling user authentication for the Explicit Web Proxy in 5.6? The steps and CLI option for <=5.4 aren't showing up in 5.6.



Esteemed Contributor III

I don't they changed to  much in v5.6.x  but are you using  local  user or a remote-auth  group?

Did you check under network explicit proxy ?





PCNSE NSE StrongSwan
New Contributor II

emnoc wrote:

I don't they changed to  much in v5.6.x  but are you using  local  user or a remote-auth  group?


I'm trying to use it with remote-auth to LDAP/AD


Did you check under network explicit proxy ?

There is nothing under Network->Explicit Web Proxy to specify or turn on auth.


The best documentation I can find is the following, which isn't making any sense to me whatsoever:




Once again, they decided to change the rule !

Everything has been moved to CLI , what a beautiful idea !!

Hey guys wake up, Move it back to the GUI !



New Contributor II

Can somebody provide a usable example? The documentation is in English, but it's not making any sense to me at all and does not seem actionable.


Edit: to elaborate, I want to have an Explicit Web Proxy listening on our outside interface with authentication enabled (backend is LDAP/Active Directory, but could be RADIUS, if that's easier). This is so our student devices (iPads and soon Chromebooks) outside our school district network can still be web filtered.


Hi Jacob,


Just posting to say I agree with you. I upgraded from 5.4 where the explicit proxy was working without any problems with LDAP authentication. When I upgraded to 5.6 it broke, I also tried to make some sense of the docs for the changes in authentication and how it should now work, but so far I don't have a working solution, downgraded to 5.4 again and will lab it next week. Maybe a slightly different problem to yours as I am using form based authentication with a customised login page, but the documentation is bad, and really it should just work the same when you upgrade.



New Contributor

Please do the following if you are using single sign on (FSSO). Note that I´m using an agent to collect information from the Ldap server.


**** Configure authentication scheme first ( created an scheme named novosso ) ****

BORDA # config authentication scheme BORDA (scheme) # edit novosso new entry 'novosso' added BORDA (novosso) # set method fsso BORDA (novosso) # end BORDA #


**** Configure the rule, point the rule to the scheme you just created ****

BORDA # config authentication rule ( created a rule called regrasso and pointed to the sso method called novosso )

BORDA (rule) # edit regrasso new entry 'regrasso' added BORDA (regrasso) # set status enable BORDA (regrasso) # set protocol http BORDA (regrasso) # set srcaddr all BORDA (regrasso) # set sso-auth-method novosso BORDA (regrasso) # next BORDA (rule) # end BORDA #




Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors