Transparent proxy

Transparent proxy

In a transparent proxy deployment, the user’s client software, such as a browser, is unaware that it is communicating with a proxy.

Users request Internet content as usual, without any special client configuration, and the proxy serves their requests. FortiGate also allows user to configure in transparent proxy mode.

To configure transparent proxy in the GUI:

  1. Configure a regular firewall policy with HTTP redirect:
    1. Go to Policy & Objects > IPv4 Policy.
    2. Click Create New.
    3. Name the policy appropriately, set the Incoming Interface to port2, and set the Outgoing Interface to port1.
    4. Also set Source and Destination to all, Schedule to always, Service to ALL, and Action to ACCEPT.
    5. Set Inspection Mode to Proxy-based and SSL Inspection to deep-inspection.
    6. Configure the remaining settings as needed.
    7. Click OK.
  2. Configure a transparent proxy policy:
  3. Go to Policy & Objects > Proxy Policy.
  4. Click Create New.
  5. Set Proxy Type to Transparent Web, set the Incoming Interface to port2, and set the Outgoing Interface to port1.
  6. Also set Source and Destination to all, Scheduleto always, Service to webproxy, and Action to ACCEPT.
  7. Configure the remaining settings as needed.
  8. No special configure is required on the client to use FortiGate transparent proxy. As the client is using the FortiGate as its default gateway, requests will first hit the regular firewall policy, and then be redirected to the transparent proxy policy.

To configure transparent proxy in the CLI:

  1. Configure a regular firewall policy with HTTP redirect:

config firewall policy edit 1 set name “1”

set uuid c5c30442-54be-51e9-c17c-4513b1c973c0

set srcintf “port2” set dstintf “port1” set srcaddr “all” set dstaddr “all” set action accept set schedule “always” set service “ALL” set inspection-mode proxy set http-policy-redirect enable

set fsso disable

set ssl-ssh-profile “deep-inspection”

set nat enable

next

end

  1. Configure a transparent proxy policy:

config firewall proxy-policy edit 5 set uuid 8fb05036-56fc-51e9-76a1-86f757d3d8dc set proxy transparent-web set srcintf “port2” set dstintf “port1” set srcaddr “all” set dstaddr “all” set service “webproxy” set action accept set schedule “always”

next end

  1. No special configure is required on the client to use FortiGate transparent proxy. As the client is using the FortiGate as its default gateway, requests will first hit the regular firewall policy, and then be redirected to the transparent proxy policy.
This entry was posted in Administration Guides, FortiGate, FortiOS, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.