- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Upstream Proxy in default (implicit) proxy
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upstream Proxy in default (implicit) proxy
Hi,
I have an issue with my FortiGate config.
I have 2 FG 200D on HA (Active Passive) with Explicit proxy feature enabled because of an upstream proxy necessary to access on the web. This upstream proxy is not managed by our team, so we cannot bypass it.
My question is: is there any way to use the default proxy (implicit) and to refer the upstream proxy?
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The implicit or transparent proxy features I'm aware of revolve around WCCP clients and servers. Squid is an example of a transparent proxy server that can easily be configured to interoperate with a FortiGate appliance.
This article explains the details for a generic setup, in case it helps:
Regards, Chris McMullan Fortinet Ottawa
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply.
With your solution, can I use the Web, App and AV filtering in default IPv4 Policy and just use the transparent proxy as a upstream proxy redirector?
(Sorry for my english)
Here is a basic schema of our infra. We manage the LAN part... The extranet part is unmanageable and cannot be modified. the only way to access to the web is via the Upstream Proxy (It allows all traffic, just scans some features).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm...what are the proxy's requirements for how the traffic arrives to be properly handled? In other words, with a normal explicit proxy, the proxy needs to be targeted at Layer-3 as the destination, and usually on a specific, non-standard port for web traffic, like 8080. Does the extranet proxy require incoming traffic to target the proxy's IP at port 8080, or a similar destination port?
Using WCCP would likely not work in this case, since you don't have control over their settings.
You could use a VIP bound to your internal interface, translating all incoming traffic targeting port 80 so that the destination IP is mapped to the proxy, and the port mapped to the proxy's port.
Regards, Chris McMullan Fortinet Ottawa
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately it doesn't work. When I configure this settings, I can't access to the web...
A ping to the website is ok, but not web access except if I configure my proxy settings :(
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately it doesn't work. When I configure this settings, I can't access to the web... A ping to the website is ok, but not web access except if I configure my proxy settings :(
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Example:
Internal host - 192.168.50.2/24
Internal gateway (FGT interface) - 192.168.50.1/24
Extranet proxy socket - 1.1.1.1:8080
VIP configuration:
-Bound to internal interface as the 'external' port
-External IP left blank to encompass all addresses
-Mapped IP: 1.1.1.1
-External port: 80
-Mapped port: 8080
Create a policy from internal > WAN, source All, destination VIP.
Regards, Chris McMullan Fortinet Ottawa
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry, I was on holliday without internet access... I will try this solution. I didn't tried this before. I will give you feedback once it's done.
Thanks a lot for your reply
Related Posts
- Simple explanation enabling the LOGGING of... 434 Views
- ipv6 - internal lan interface cannot... 630 Views
- Incorrect Router Announcement with Prefix Delegation 1028 Views
- Implicit Deny in FortiGate 5214 Views
- SD-WAN Internet Traffic over IPSec VPN 740 Views
Labels
-
FortiGate
6,944 -
FortiClient
1,369 -
5.2
801 -
5.4
639 -
FortiManager
600 -
FortiAnalyzer
440 -
6.0
416 -
5.6
362 -
FortiAP
362 -
FortiSwitch
358 -
FortiClient EMS
281 -
FortiMail
269 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
168 -
6.4
128 -
FortiNAC
123 -
FortiGuard
111 -
IPsec
99 -
FortiGateCloud
92 -
FortiSIEM
91 -
SSL-VPN
87 -
FortiCloud Products
85 -
FortiToken
76 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
48 -
FortiADC
45 -
FortiEDR
42 -
SD-WAN
42 -
Fortivoice
41 -
FortiDNS
37 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
High Availability
28 -
FortiAuthenticator
27 -
VLAN
27 -
FortiConnect
24 -
FortiWAN
23 -
ZTNA
21 -
FortiConverter
21 -
DNS
20 -
FortiGate v5.2
19 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
SAML
17 -
LDAP
17 -
Certificate
17 -
BGP
16 -
VDOM
16 -
FortiMonitor
14 -
FortiLink
14 -
Interface
14 -
Logging
14 -
Authentication
13 -
FortiGate v5.0
13 -
Routing
13 -
FortiDDoS
13 -
FortiCASB
12 -
NAT
11 -
RADIUS
10 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Fortigate Cloud
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
SSID
8 -
FortiBridge
8 -
WAN optimization
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
IP address management - IPAM
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Traffic shaping policy
6 -
Web application firewall profile
6 -
Proxy policy
5 -
Packet capture
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Antivirus profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 997 | |
| 831 | |
| 466 | |
| 440 | |
| 136 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.