Proxy addresses

Proxy addresses

This category of address is different from the other addresses in that it is not designed to be used in the normal firewall policy configuration. It is intended to be used only with explicit web proxies.

In some respects they can be like a FQDN addresses in that they refer to an alpha-numeric string that is assigned to an IP address, but then goes an additional level of granularity by using additional information and criteria to further specify locations or types of traffic within the website itself. In depth information on Explicit Proxy Addressing can be found in WAN Optimization, but it is worth laying out the steps of how to create an address object for this category.

Creating an proxy address

  1. Go to Policy & Objects > Addresses.
  2. Select Create New. A drop down menu is displayed. Select Address.
  3. In the Category field, choseProxy Address.
  4. Input a Name for the address object.
  5. For the Type field, select one of the options from the drop down menu.

Within the Explicit Proxy Address category there are 8 types of addresses. Each of these types will have associated field(s) that also need to have values entered to make the object specific to it’s address.

Type = URL Pattern

  • In the Host field, choose from drop down menu l In the URL Path Regex field, enter the appropriate string

Host Regex Match l In the Host Regex Pattern field, enter the appropriate string

URL Category

  • In the Host field, choose from drop down menu l In the URL Category field, choose from drop down menu

HTTP Method

  • In the Host field, choose from drop down menu l In the Request Method field, choose from drop down menu The options are: l CONNECT l DELETE l GET l HEAD l OPTIONS l POST l PUT l TRACE

User Agent

  • In the Host field, choose from drop down menu l In the User Agent field, choose from drop down menu The options are:
  • Apple Safari l Google Chrome
  • Microsoft Internet Explorer or Spartan l Mozilla Firefox l Other browsers

HTTP Header

  • In the Host field, choose from drop down menu l In the Header Name field, enter the appropriate string value l In the Header Regex field, enter the appropriate string value

Advanced (Source)

  • In the Host field, choose from drop down menu l In the Request Method field, choose from drop down menu (see HTTP Method type for option list) l In the User Agent field, choose from drop down menu (see User Agent type for option list)
  • In the Header Group table, create, edit or delete Header Name strings and associated Header Regex strings

Advance (Destination)

  • In the Host field, choose from drop down menu l In the Host Regex Pattern field, enter the appropriate string l In the URL Category field, choose from drop down menu
  1. Select the desired on/off toggle setting for Show in Address List. If the setting is enabled the address will appear in drop down menus where it is an option.
  2. Input any additional information in the Comments
  3. Press

Proxy address groups

To create a Proxy address group:

  1. Go to Policy & Objects > Addresses.
  2. Click on + Create New to get the drop down menu. Select Address Group.
  3. In the Category field, choose Proxy Group.
  4. Fill in a descriptive name in the Group Name
  5. If you wish, use the Change link to change the Color of icons in the GUI. There are 32 color options.
  6. In the Type field, select whether the group will be a Source Group (composed of source addresses) or a Destination Group (composed of destination addresses).
  7. Select anywhere in the Members field to bring forth the pane of potential members for selection to the group.
  8. Select the desired on/off toggle setting for Show in Address List. If the setting is enabled, the address will appear in drop down menus where it is an option.
  9. Input any additional information in the Comments
  10. Click on OK.
This entry was posted in Administration Guides, FortiGate, FortiOS 6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.