Sie sind auf Seite 1von 12

Skip to content

Menu

FortiGate

Complete Cookbook

Getting Started

Authentication

Security

VPNs

WiFi

FortiGate VM

Expert

FortiOS versions

5.4

5.2

5.0

4.3

FortiOS Online Help

FortiAnalyzer

FortiManager

FortiMail

Getting Started

Antispam

Troubleshooting

Best Practices
FortiMail Cloud

FortiWeb

More Products

FortiADC

FortiAP

FortiAuthenticator

FortiClient

FortiCloud

FortiExtender

FortiRecorder

FortiSandbox

FortiSwitch

FortiToken

FortiVoice Enterprise

Audio & Videos

FortiCast

Fortinet Stories

FortiOS

5.4

5.2

5.0

4.3

FortiMail

5.2

5.0

FortiADC

FortiRecorder

Resources
How to work with Fortinet Support

Supported Upgrade Paths FortiOS

SysAdmin Notes

FAQ

Tips

Take-out Menu

Glossary

Info

Suggest a recipe

Comment Policy

Documentation Forum

Visual Resources & Links

Cookbook Team

Haut du formulaire

Search for:
Search

Bas du formulaire

FortiGate/FortiOS 5.2.0/FortiOS 5.2.1/FortiOS 5.2.2/FortiOS 5.2.3/FortiOS


5.2.4/FortiOS 5.2.5+/WiFi

Explicit proxy with web caching

Posted on November 4, 2014 by Bill Dickie


i

Rate this recipe

In this example, you will add explicit proxy with web caching to your wireless
network.

All devices on the wireless network will be required to connect to the proxy at
port 8080 before they can browse web pages on the Internet. WAN Optimization
web caching is added to reduce the amount of Internet bandwidth used and
improve web browsing performance.*

Watch the video


1. Enabling WAN Optimization and configuring the explicit web proxy for the
wireless interface

Go to
System >
Config >
Features.
Ensure that
Explicit
Proxy
and WAN
Opt &
Cache are
enabled.

Go to
System >
Network >
Interfaces,
edit the
wireless
interface
and select
Enable
Explicit
Web Proxy.
Go to
System >
Network >
Explicit
Proxy.
Select
Enable
Explicit
Web Proxy
for
HTTP/HTTP
S. Make
sure that
Default
Firewall
Policy
Action is
set to
Deny.

2. Adding an explicit web proxy policy

Go to
Policy &
Objects >
Policy >
Explicit
Proxy and
create a
new policy.
Set Explicit
Proxy Type
to Web and
the
Outgoing
Interface to
the
Internet-
facing
interface.

Turn on
Web
Cache.

3. Configuring devices on the wireless network to use the web proxy

To use the web proxy, all devices on the wireless network must be configured
to use the explicit proxy server. The IP address of the server is the IP address
of the FortiGates wireless interface (in the example, 10.10.80.1) and the port
is 8080. Some browsers may have to be configured to use the devices proxy
settings.

Windows
Vista/7/8:

Open
Internet
Properties.
Go to
Connection
s > LAN
Settings
and enable
and
configure
the Proxy
Server.

Mac OS X:

Open
Network
Preferences
> Wi-Fi >
Advanced
> Proxies.
Select Web
Proxy
(HTTP) and
configure
the proxy
settings.
iOS:

Go to
Settings >
Wi-Fi. Edit
the
wireless
network.
Scroll down
to HTTP
PROXY
select
Manual and
configure
the proxy
settings.

Android:

In WiFi
network
connection
settings,
edit the
wireless
network.
Select
Show
advanced
options,
configure a
Manual
proxy and
enter the
proxy
settings.

4. Force HTTP and HTTPS traffic to use the Web Proxy

Block HTTP
and HTTPS
access to
the
Internet
from the
wireless
network so
that the
only path
to the
Internet is
through
the explicit
proxy. You
can edit or
delete
policies
that allow
HTTP or
HTTPS
access. You
can also
add a
policy to
the top of
the list that
Denies
HTTP and
HTTPS
traffic.

5. Results*

To confirm that the proxy is processing traffic, attempt to connect to the


Internet from the wireless network using a device that has not been
configured to connect to the proxy. Access should be blocked.

Configure
the device
to use the
proxy. You
should now
be able to
connect to
the
Internet.
Go to WAN
Opt. &
Cache >
Monitor
> WAN
Opt.
Monitor to
view
WEBPROXY
traffic in
the Traffic
Summary.C
heck the
Bandwidth
Optimizatio
n graph for
WEBPROXY
traffic

Go to WAN
Opt. &
Cache >
Monitor >
Cache
Monitor to
view web
caching
activity.

For further reading, check out The FortiGate explicit web proxy in the FortiOS 5.2
Handbook.

About

Latest Posts
Bill Dickie

Our Fearless Documentation Leader at Fortinet

After completing a science degree at the University of Waterloo, Bill began his
professional life teaching college chemistry in Corner Brook, Newfoundland and
fell into technical writing after moving to Ottawa in the mid '80s. Tech writing
stints at all sorts of companies finally led to joining Fortinet to write the first
FortiGate-300 Administration Guide.

Latest posts by Bill Dickie (see all)

FGCP High Availability Troubleshooting - October 17, 2016

High Availability with FGCP (Expert) - June 13, 2016

High Availability with two FortiGates - June 8, 2016

Share this recipe:

WAN Optimization and WAN Optimization Web Caching is not available on all
FortiGate models. For information about which models support this feature see
the FortiOS Feature/Platform matrix (http://docs.fortinet.com/d/fortigate-fortios-
5.2.4-feature-platform-matrix). Your FortiGate does not require WAN Optimization
Web Caching to configure the explicit proxy. You can skip the WAN Optimization
Web Caching steps if your FortiGate does not support this feature.

This step is only available if your FortiGate supports WAN Optimization and Web
Caching.

proxy, WiFi

Post navigation

Older post

Blocking Facebook

Newer post
Blocking Google access for consumer accounts

Leave a comment:

Before commenting, please read the site's comment policy. Only questions
related to documentation will be answered. For other concerns, please contact
Fortinet support.

Fortinet Take-out Menu

Haut du formulaire

Sign up for the biweekly newsletter about Fortinet documentation

Sign up

1487859542 10400 mc4w p-form-1

Bas du formulaire

AntiVirus application control authentication captive portal certificates CSF


dynamic VPN FortiAP FortiAuthenticator FortiCast FortiClient FortiCloud FortiGate
FortiGuard FortiMail FortiRecorder FortiSandbox FortiToken FortiVoice Enterprise
FSSO Google HA installation interfaces iOS IPsec VPN LDAP logging mobile
devices NAT RADIUS schedules site news site-to-site VPN SLBC SSL inspection SSL
VPN SysAdmin Notes traffic shaping troubleshooting two-factor authentication
video web filtering web server WiFi

Follow us:

CONTACT| DOCUMENTATION LIBRARY| FUSE| VIDEOS|


SUPPORT| CORPORATE| LEGAL| PRIVACY

2017 Fortinet

Das könnte Ihnen auch gefallen