FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description In some specific configuration, HTTP and HTTPS ports are not the standard ones (80 and 443).
Following is an example with a Fortigate in Transparent before a web proxy :
< LAN >-----[ FGT-inTP ]------[ Web-Proxy - HTTP 8080 / HTTPs 8181 ]-----< Internet >
If the Fortigate is configured to use NTLM authentication, it must be configured to trigger this authentication on the ports used by the web proxy.
Scope FortiOS 4.0 and above.
Solution In the "user setting" configuration, two "auth-ports" entries have to be created. One with the web proxy HTTP port, the second one with the web proxy HTTPS port.
Example (CLI only) :
config user setting config auth-ports edit 1 set port 8080 next edit 2 set port 8181 next end end
Important : both entries here above are set with "type http", which is not displayed because being the default values. This can be verified when typing "get" :
FGT # config user setting FGT (setting) # config auth-ports FGT (auth-ports) # edit 1 FGT (1) # get
