Security profiles, client reputation, device identification, and the explicit web proxy
You can apply all security profiles to explicit web proxy sessions. This includes antivirus, web filtering, intrusion protection (IPS), application control, and data leak prevention (DLP) including DLP archiving features to explicit web proxy sessions. Security profiles are applied by selecting them in a web proxy security policy or a user identity policy in a web proxy security policy.
You can also enable client reputation for explicit web proxy policies.
The explicit web proxy is not compatible with device identification.
Since the traffic accepted by the explicit web proxy is known to be either HTTP, HTTPS, or FTP over HTTP and since the ports are already known by the proxy, the explicit web proxy does not use the HTTP or HTTPS proxy options settings. The explicit web proxy does support the following proxy options:
• Enable chunked bypass
• HTTP oversized file action and threshold
The explicit web proxy does not support the following proxy options:
• Client comforting
• Server comforting
• Monitor content information from dashboard. URLs visited by explicit web proxy users are not added to dashboard usage and log and archive statistics widgets.
For explicit web proxy sessions, the FortiGate unit applies antivirus scanning to HTTP POST requests and HTTP responses. The FortiGate unit starts virus scanning a file in an HTTP session when it receives a file in the body of an HTML request. The explicit web proxy can receive HTTP responses from either the originating web server or the FortiGate web cache module.
Flow-based virus scanning is not available for explicit web proxy sessions. Even if the FortiGate unit is configured to use flow-based antivirus, explicit web proxy sessions use the regular virus database.