Tag Archives: fortinet Web Proxy firewall services and service groups

Web Proxy firewall services and service groups

Web Proxy firewall services and service groups

Configure web proxy services by selecting Explicit Proxy when configuring a service. Web proxy services can be selected in a explicit web proxy policy when adding one from the CLI. If you add a policy from the web-based manager the service is set to the webproxy service. The webproxy service should be used in most cases, it matches with any traffic with any port number. However, if you have special requirements, such as using a custom protocol type or a reduced port range or need to add an IP/FQDN to an explicit proxy service you can create custom explicit web proxy services.

Web proxy services are similar to standard firewall services. You can configure web proxy services to define one or more protocols and port numbers that are associated with each web proxy service. Web proxy services can also be grouped into web proxy service groups.

One way in which web proxy services differ from firewall services is the protocol type you can select. The following protocol types are available:

  • ALL
  • CONNECT
  • FTP
  • HTTP
  • SOCKS-TCP
  • SOCKS-UDP

To add a web proxy service go to Policy & Objects > Services and select Create New. Set Service Type to Explicit Proxy and configure the service as required. To add a web proxy service from the CLI enter:

config firewall service custom edit my-socks-service

set explicit-proxy enable set category Web Proxy

set protocol SOCKS-TCP

set tcp-portrange 3450-3490 end

 

To add a web proxy service group go to Policy & Objects > Services and select Create New > Service Group. Set Type to Explicit Proxy and add web proxy services to the group as required. To add a web proxy service group from the CLI enter:

config firewall service group edit web-group

set explicit-proxy enable

set member webproxy my-socks-service end