Fortinet FortiGate Series Administration Manual page 211

System Network
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Proxy FQDN
Max HTTP request length
Max HTTP message length
Add headers to Forwarded
Requests
Client IP Header
Via Header
X-forwarded-for Header
Front-end HTTPS Header Enable to include the Front-end HTTP Header from the original
Explicit Web Proxy Options
Enable Explicit Web
Proxy
Port
Listen on Interfaces
Unknown HTTP version
To enable the explicit web proxy on one or more interfaces
To use the explicit web proxy, users must add a proxy server to their web browser
configuration. The IP address of the proxy server would be the IP address of the FortiGate
interface connected to their network (if the FortiGate unit is operating in NAT mode) or the
management IP address (if the FortiGate unit is operating in transparent mode). The port
number of the proxy server would be the same as the Explicit web proxy Port configured
step 6 below.
1 Go to System > Network > Interface.
2 Select an interface to enable the explicit web proxy for.
3 Select Enable explicit web proxy, and save the changes.
4 Repeat to enable the explicit web proxy on all of the interfaces that users will connect
to when web browsing.
When you go to System > Network > Web Proxy, under Explicit web proxy you will see
the interfaces that you enabled.
Note: Only interfaces that have explicit web proxy enabled and are in the current VDOM
will be displayed. If an interface has a VLAN subinterface configured, it must be enabled
separately for explicit web proxy. Enabled interfaces will be displayed independent of
explicit web proxy being enabled or not on the Web Proxy screen.
Enter the fully qualified domain name (FQDN) for the proxy server.
This is the domain name to enter into browsers to access the proxy
server.
Enter the maximum length of an HTTP request. Larger requests
will be rejected.
Enter the maximum length of an HTTP message. Larger messages
will be rejected.
The web proxy server will forward HTTP requests to the internal
network. You can include the following headers in those requests:
Enable to include the Client IP Header from the original HTTP
request.
Enable to include the Via Header from the original HTTP request.
Enable to include the X-Forwarded-For (XFF) HTTP header.
The XFF HTTP header identifies the originating IP address of a
web client or browser that is connecting through an HTTP proxy,
and the remote addresses it passed through to this point.
HTTPS request.
Web proxies can be transparent or explicit. Transparent web proxy
does not modify the web traffic in any way, but just forwards it to the
destination. Explicit web proxy can modify web traffic to provide
extra services and administration.
Explicit web proxy is configured with the following options.
Enable the explicit web proxy.
Enter the explicit web proxy server port. To use the explicit proxy,
users must add this port to their web browser proxy configuration.
Displays the interfaces that are being monitored by the explicit web
proxy server.
Select the action to take when the proxy server must handle an
unknown HTTP version request or message. Choose from either
Reject or Best Effort. The Reject option is more secure.
Configuring the explicit web proxy
211