Configuring the explicit web proxy - CLI
Use the following steps to configure the example explicit web proxy configuration from the CLI.
To enable the explicit web proxy on the Internal interface
1. Enter the following command to enable the explicit web proxy on the internal interface.
config system interface
edit internal
set explicit-web-proxy enable
end
To enable and configure the explicit web proxy
1. Enter the following command to enable the explicit web proxy and set the TCP port that proxy accepts HTTP and HTTPS connections on to 8888.
config web-proxy explicit
set status enable
set http-incoming-port 8888
set https-incoming-port 8888
set realm "You are authenticating with the explicit web proxy"
set sec-default-action deny
end
To add a RADIUS server and user group for the explicit web proxy
1. Enter the following command to add a RADIUS server:
config user radius
edit RADIUS_1
set server 10.31.101.200
set secret RADIUS_server_secret
end
2. Enter the following command to add a user group for the RADIUS server.
config user group
edit Explicit_proxy_user_group
set group-type firewall
set member RADIUS_1
end
To add a security policy for the explicit web proxy
1. Enter the following command to add a firewall address for the internal subnet:
config firewall address
edit Internal_subnet
set type iprange
set start-ip 10.31.101.1
set end-ip 10.31.101.255
end
2. Enter the following command to add the explicit web proxy security policy:
config firewall explicit-proxy-policy
edit 0
set proxy web
set dstintf wan1
set srcaddr Internal_subnet
set dstaddr all
set action accept
set service webproxy
set webcache enable
set identity-based enable
set ipbased disable
set active-auth-method basic
config identity-based-policy
edit 0
set groups Explicit_Proxy_user_group
set schedule always
set utm-status enable
set av-profile default
set webfilter-profile default
set profile-protocol-options default
end
end