Hi Team,
We are implementing proxy policy with fsso but the issue is why we need to enable lan to wan in Firewall policy when we are defining lan to wan in Explicit proxy. Will not end system which are authenticated via fsso will reach to internet if we just mention policy in explicit only. Also when we disable traffic to Wan in normal policy internet does not work.
Please suggest!
Even when clients are configured to use an explicit proxy, some traffic might not be explicitly directed to the proxy server. For example, certain applications or protocols might bypass the proxy settings or use direct connections. If there is no LAN to WAN firewall policy that allows traffic, authenticated users might not reach the internet for these direct connections or fallback scenarios.
Hi Siddhanth,
Thank you for following up!
It make sense partially but my main concern is after disabling normal Lan to Wan why my users does not go to internet for small traffic like google.com, facebook.com that use https protocol even though same has been allowed in proxy policy. But after I enable lan to wan user can reach to internet and logs show the traffic is going through proxy policy.
Please advise on this.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.