Configuring the explicit web proxy - web‑based manager
Use the following steps to configure the explicit web proxy from FortiGate web‑based manager.
To enable and configure the explicit web proxy
1. Go to System > Network > Explicit Proxy and change the following settings:
Enable Explicit Web Proxy | Select HTTP/HTTPS. |
Listen on Interfaces | No change. This field will eventually show that the explicit web proxy is enabled for the Internal interface. |
HTTP Port | 8888 |
HTTPS Port | 8888 |
Realm | You are authenticating with the explicit web proxy. |
Default Firewall Policy Action | Deny |
2. Select Apply.
To enable the explicit web proxy on the Internal interface
1. Go to System > Network > Interface.
2. Edit the internal interface.
3. Select Enable Explicit Web Proxy.
4. Select OK.
To add a RADIUS server and user group for the explicit web proxy
1. Go to User & Device > Authentication > RADIUS Server and select Create New to add a new RADIUS server:
Name | RADIUS_1 |
Primary Server Name/IP | 10.31.101.200 |
Primary Server Secret | RADIUS_server_secret |
2. Select OK.
3. Go to User & Device > User > User Group and select Create New to add a new user group.
Name | Explict_proxy_user_group |
Type | Firewall |
Remote authentication servers | RADIUS_1 |
Group Name | Any |
4. Select OK.
To add a security policy for the explicit web proxy
1. Go to Firewall Objects > Address > Addresses and select Create New.
2. Add a firewall address for the internal network:
Address Name | Internal_subnet |
Type | Subnet / IP Range |
Subnet / IP Range | 10.31.101.[1-255] |
Interface | Any |
3. Go to Policy > Policy > Policy and select Create New.
4. Configure the explicit web proxy security policy.
Policy Type | Firewall |
Policy Subtype | User Identity |
Incoming Interface | web-proxy |
Source Address | Internal_subnet |
Outgoing Interface | wan1 |
Destination Address | all |
Service | webproxy |
5. Select Enable Web cache.
6. Under Configure Authentication Rules select Create New to add an authentication rule:
Groups | Explicit_policy |
Users | Leave blank |
Schedule | always |
Action | ACCEPT |
7. Turn on Antivirus and Web Filter and select the default profiles for both.
8. Select the default proxy options profile.
9. Select OK.
10. Make sure IP Based is not selected.
11. Select OK.