Configuring the explicit web proxy - web‑based manager
Use the following steps to configure the explicit web proxy.
To enable and configure the explicit web proxy
1. Go to System > Config > Features and turn on the Explicit Proxy feature.
2. Go to System > Network > Explicit Proxy and change the following settings:
Enable Explicit Web Proxy | Select HTTP/HTTPS. |
Listen on Interfaces | No change. This field will eventually show that the explicit web proxy is enabled for the Internal interface. |
HTTP Port | 8888 |
HTTPS Port | 0 |
Realm | You are authenticating with the explicit web proxy. |
Default Firewall Policy Action | Deny |
3. Select Apply.
To enable the explicit web proxy on the Internal interface
1. Go to System > Network > Interfaces.
2. Edit the internal interface.
3. Select Enable Explicit Web Proxy.
4. Select OK.
To add a RADIUS server and user group for the explicit web proxy
1. Go to User & Device > Authentication > RADIUS Servers and select Create New to add a new RADIUS server:
Name | RADIUS_1 |
Primary Server Name/IP | 10.31.101.200 |
Primary Server Secret | RADIUS_server_secret |
2. Select OK.
3. Go to User & Device > User > User Groups and select Create New to add a new user group.
Name | Explict_proxy_user_group |
Type | Firewall |
Remote Groups | RADIUS_1 |
Group Name | Any |
4. Select OK.
To add an explicit proxy policy
1. Go to Policy & Objects > Objects > Addresses and select Create New.
2. Add a firewall address for the internal network:
Category | Address |
Name | Internal_subnet |
Type | Subnet / IP Range |
Subnet / IP Range | 10.31.101.0 |
Interface | Any |
3. Go to Policy & Objects > Policy > Explicit Proxy and select Create New.
4. Configure the explicit web proxy policy.
Explicit Proxy Type | Web |
Source Address | Internal_subnet |
Outgoing Interface | wan1 |
Destination Address | all |
Action | AUTHENTICATE |
5. Under Configure Authentication Rules select Create New to add an authentication rule:
Groups | Explicit_policy |
Source User(s) | Leave blank |
Schedule | always |
6. Turn on Antivirus and Web Filter and select the default profiles for both.
7. Select the default proxy options profile.
8. Select OK.
9. Make sure Enable IP Based Authentication is not selected.
10. Turn on Web Cache.
11. Select OK.