Configuring the explicit web proxy - web‑based manager
Use the following steps to configure the explicit web proxy.
To enable and configure the explicit web proxy
1. Go to System > Config > Features and turn on the Explicit Proxy feature.
2. Go to System > Network > Explicit Proxy and change the following settings:
   Enable Explicit Web Proxy: Select HTTP/HTTPS.
   Listen on Interfaces: No change. This field will eventually show that the explicit web proxy is enabled for the Internal interface.
   HTTP Port: 8888
   HTTPS Port: 0
   Realm: You are authenticating with the explicit web proxy.
   Default Firewall Policy Action: Deny
3. Select Apply.
To enable the explicit web proxy on the Internal interface
1. Go to System > Network > Interfaces.
2. Edit the internal interface.
3. Select Enable Explicit Web Proxy.
4. Select OK.
To add a RADIUS server and user group for the explicit web proxy
1. Go to User & Device > Authentication > RADIUS Servers and select Create New to add a new RADIUS server:
   Name: RADIUS_1
   Primary Server Name/IP: 10.31.101.200
   Primary Server Secret: RADIUS_server_secret
2. Select OK.
3. Go to User & Device > User > User Groups and select Create New to add a new user group.
   Name: Explict_proxy_user_group
   Type: Firewall
   Remote Groups: RADIUS_1
   Group Name: Any
4. Select OK.
To add an explicit proxy policy
1. Go to Policy & Objects > Objects > Addresses and select Create New.
2. Add a firewall address for the internal network:
   Category: Address
   Name: Internal_subnet
   Type: Subnet / IP Range
   Subnet / IP Range: 10.31.101.0
   Interface: Any
3. Go to Policy & Objects > Policy > Explicit Proxy and select Create New.
4. Configure the explicit web proxy policy.
   Explicit Proxy Type: Web
   Source Address: Internal_subnet
   Outgoing Interface: wan1
   Destination Address: all
   Action: AUTHENTICATE
5. Under Configure Authentication Rules select Create New to add an authentication rule:
   Groups: Explicit_policy
   Source User(s): Leave blank
   Schedule: always
6. Turn on Antivirus and Web Filter and select the default profiles for both.
7. Select the default proxy options profile.
8. Select OK.
9. Make sure Enable IP Based Authentication is not selected.
10. Turn on Web Cache.
11. Select OK.
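The following check is an added example, not part of the Fortinet documentation. It audits how the proxy configured above answers a request that carries no credentials: with the AUTHENTICATE action in place, the reply should be an HTTP 407 challenge whose realm matches the Realm setting, never served content. The function names, the Basic scheme in the sample, and the sample replies are assumptions constructed for illustration.

```python
import socket

PROXY_PORT = 8888  # HTTP Port set in the steps above
REALM = "You are authenticating with the explicit web proxy."  # Realm set above

def parse_proxy_reply(raw: bytes):
    """Return (status_code, {scheme: realm}) from a raw HTTP proxy response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    challenges = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "proxy-authenticate":
            continue
        scheme, _, params = value.strip().partition(" ")
        realm = None
        if 'realm="' in params:
            realm = params.split('realm="', 1)[1].split('"', 1)[0]
        challenges[scheme.lower()] = realm
    return status, challenges

def audit_unauthenticated_reply(raw: bytes, expected_realm: str = REALM):
    """List problems with the proxy's answer to a credential-free request."""
    status, challenges = parse_proxy_reply(raw)
    if status != 407:
        return [f"expected 407 challenge, got {status}"]
    if not challenges:
        return ["407 without a Proxy-Authenticate header"]
    if expected_realm not in challenges.values():
        return [f"realm mismatch: {challenges}"]
    return []

def probe(proxy_host: str, url: str = "http://example.com/", timeout: float = 5.0) -> bytes:
    """Send one credential-free request through the proxy; return the raw reply."""
    host = url.split("/")[2]
    req = f"GET {url} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection((proxy_host, PROXY_PORT), timeout=timeout) as s:
        s.sendall(req)
        return s.recv(4096)

# Constructed sample replies (not captured from a FortiGate unit).
SAMPLE_CHALLENGE = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                    b'Proxy-Authenticate: Basic realm="' + REALM.encode() + b'"\r\n'
                    b"Content-Length: 0\r\n\r\n")
SAMPLE_OPEN = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
```

To test a live unit from a host on the internal network, pass the result of `probe()` with the internal interface address to `audit_unauthenticated_reply()`; an empty list means the challenge is in place.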