Configuration Steps - web‑based manager
Use the following steps to configure the example configuration from the FortiGate web‑based manager.
To add HTTP web caching to a security policy
1. Go to Policy & Objects > Policy > IPv4 and add a security policy that allows all users on the internal network to access the Internet.
Incoming Interface | Internal |
Source Address | all |
Outgoing Interface | wan1 |
Destination Address | all |
Schedule | always |
Service | ALL |
Action | ACCEPT |
2. Select Enable NAT and select Use Destination Interface Address.
3. Turn on Web cache.
4. Select OK.
To add HTTPS web caching
1. From the CLI enter the following command to add HTTPS web caching to the policy.
Assume the index number of the policy is 5.
config firewall policy
edit 5
set webcache-https any
end
To cache HTTP traffic on port 80 and 8080
1. Go to Policy & Objects > Policy > Proxy Options and edit the default proxy options profile.
You could also add a new profile.
2. Under Protocol Port Mapping enable HTTP and under Inspection Ports enter 80,8080.
3. Go to Policy & Objects > Policy > IPv4, edit the security policy and
To cache HTTPS traffic on ports 443 and 8443
1. Go to Policy & Objects > Policy > SSL/SSH Inspection and edit the certificate-inspection SSL/SSH inspection profile.
You could also use the deep-inspection profile or add a new profile.
2. Under SSL Inspection Options select Multiple Clients Connecting to Multiple Servers.
3. Make sure Inspect All Ports is not selected.
4. Make sure HTTPS is turned on and enter 443,8443.
5. From the CLI, enter the following command to add the default proxy options profile and the certificate-inspection SSL SSH profile to the firewall policy.
config firewall policy
edit 5
set utm-status enable
set profile-protocol-options default
set ssl-ssh-profile certificate-inspection
end
| You need to use the CLI to add the protocol options profile unless you also add a security profile that uses proxy-based inspection. |