IPv6 Explicit web proxy
You can use the explicit web proxy for IPv6 web traffic. To do this you need to:
• Enable the IPv6 explicit web proxy from the CLI
• Enable the explicit web proxy for one or more FortiGate interfaces. These interfaces also need an IPv6 address
• Add web proxy security policies and add IPv6 firewall addresses to allow the explicit web proxy to accept IPv6 traffic.
| If you have enabled both the IPv4 and the IPv6 explicit web proxy you can combine IPv4 and IPv6 addresses in a single explicit web proxy policy to allow both IPv4 and IPv6 traffic through the proxy. |
Use the following steps to set up a FortiGate unit to accept IPv4 and IPv6 traffic for the explicit web proxy at the Internal interface and forward IPv4 and IPv6 explicit proxy traffic out the wan1 interface to the Internet.
1. Enter the following CLI command to enable the IPv6 explicit web proxy:
config web-proxy explicit
set status enable
set ipv6-status enable
end
2. Go to System > Network > Interface and edit the internal interface, select Enable Explicit Web Proxy and select OK.
3. Go to Policy > Policy > Policy and select Create New to add an IPv6 explicit web proxy security policy:
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | web-proxy |
Source Address | Internal-IPv4-subnet |
Source IPv6 Address | Internal-IPv6-subnet |
Outgoing Interface | wan1 |
Destination Address | all |
Destination IPv6 Address | all |
Service | webproxy |
Action | ACCEPT |
This IPv6 explicit web proxy policy allows traffic from all IPv6 IP addresses to connect through the explicit web proxy and through the wan1 interface to any IPv6 addresses that are accessible from the wan1 interface.