JDNULC
New Contributor

Transparent Web proxy with Kerberos Auth

Hi

I have been following the Kerberos explicit proxy setup guide and have managed to get it working successfully. The downside of this setup is that I need to set the proxy server address on every machine or use WPAD, etc. I'm not sure if I dreamt this (sad, I know), but I'm sure I read that you can set up the transparent web proxy to also use Kerberos authentication.

Is this possible? If so, can anyone point me in the direction of the setup guide, share their config or just explain the steps needed to set it up?

Thanks in advance.

Debbie_FTNT
Staff

Hey JDNULC,

I wrote a KB for transparent proxy authentication: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-transparent-proxy-with-web-cooki...

The example here uses basic authentication, but you can use the existing authentication rule for Kerberos instead (just enable web-auth-cookie in that authentication rule as well) and everything else as outlined in the KB (regular firewall policy, proxy policy, authentication settings).

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
JDNULC
New Contributor

Hi Debbie

Thanks for the link, it was really helpful and got it working for me.

Just one more question. Where do I add the security profiles? On the firewall policy? Or just the proxy policy? Or both?

We will need the following profiles: WEB, APP, DPI, DNS, IPS. Are there any limitations doing this through the transparent proxy?

Again, thanks for your help

Elzhan
New Contributor

Hello JDNULC

Have you got what you asked about - Kerberos auth for non-web traffic on transparent proxy? If yes, could you share the way?

Thank you,

Debbie_FTNT
Staff

Hey JDNULC,

I'm not sure, to be honest; I come from the authentication side in FortiGate, not so much the UTM side.

However, as the IPv4 policy essentially redirects the HTTP/HTTPS traffic to the proxy policy, I believe you will want to apply most UTM there.

Non-HTTP/HTTPS traffic (DNS for example) would not be redirected, so any UTM you want to apply to that (DNS filter for example) you should set in the IPv4 policy - at least that is my understanding of the setup.

I hope that helps!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
reckstay
New Contributor

Thanks for the link it was really helpful and got it working for me.
