Description
This article describes how to configure FortiGate to act as an explicit web proxy.
FSSO, a passive authentication method, is used to collect user logon events from Active Directory.
Related link:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/826729/explicit-proxy-authentication
Solution
# config system settings
set sip-helper enable
set gui-explicit-proxy enable
end
2) Enable Explicit Web Proxy.
# config web-proxy explicit
set status enable
set http-incoming-port 8080
end
3) Create an Authentication Scheme.
# config authentication scheme
edit "NewFSSO"
set method fsso
next
end
4) Create an Authentication Rule.
# config authentication rule
edit "AuthRule"
set srcaddr "WindowsAD" "WindowsCLIENT" <----- (which source addresses does this rule match?)
set sso-auth-method "NewFSSO"
next
end
5) Create a Proxy Policy.
# config firewall proxy-policy
edit 1
set proxy explicit-web
set dstintf "port1"
set srcaddr "WindowsAD" "WindowsCLIENT"
set dstaddr "all"
set service "webproxy"
set action accept
set schedule "always"
set groups "FSSO_Group1" <----- (created in step 1)
next
end
6) Configure the Browser/System for Explicit web proxy.
7) Monitoring.
# diag firewall auth list
This gives a good result; the combination is also shown in the GUI under the Monitoring widget (starting 6.4) or the Monitoring section (6.2 and lower).
The g_id and pol_id values are dynamic in this view and can change if other policies with different address objects are hit.
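An added example (not part of the original article and not Fortinet tooling) that checks, offline, the chain configured in steps 3 to 5: every source address of an accepting explicit-web proxy policy must be matched by an authentication rule whose sso-auth-method is an fsso scheme, and the policy must name a user group. The checks and the `parse`/`audit` names are assumptions made for illustration; address objects are compared by name only.

```python
import shlex

# Constructed sample: the scheme, rule and policy blocks from this article.
SAMPLE = '''config authentication scheme
edit "NewFSSO"
set method fsso
next
end
config authentication rule
edit "AuthRule"
set srcaddr "WindowsAD" "WindowsCLIENT"
set sso-auth-method "NewFSSO"
next
end
config firewall proxy-policy
edit 1
set proxy explicit-web
set srcaddr "WindowsAD" "WindowsCLIENT"
set action accept
set groups "FSSO_Group1"
next
end'''

def parse(text):  # -> {section: {entry: {key: [values]}}}
    cfg, section, entry = {}, "", ""
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            section, entry = " ".join(tok[1:]), ""
        elif tok[:1] == ["edit"]:
            entry = tok[1]
        elif tok[:1] == ["set"]:
            cfg.setdefault(section, {}).setdefault(entry, {})[tok[1]] = tok[2:]
    return cfg

def audit(text):  # hypothetical checks, not FortiOS's own validation
    cfg, out, covered = parse(text), [], set()
    fsso = {n for n, s in cfg.get("authentication scheme", {}).items()
            if s.get("method") == ["fsso"]}
    for r in cfg.get("authentication rule", {}).values():
        if set(r.get("sso-auth-method", [])) & fsso:  # rule uses an FSSO scheme
            covered.update(r.get("srcaddr", []))
    for pid, p in cfg.get("firewall proxy-policy", {}).items():
        if p.get("proxy") == ["explicit-web"] and p.get("action") == ["accept"]:
            if not p.get("groups"):
                out.append(f"policy {pid}: accepts without a user group")
            for a in sorted(set(p.get("srcaddr", [])) - covered):
                out.append(f"policy {pid}: srcaddr {a} has no FSSO auth rule")
    return out
```

Calling `audit()` on the pasted CLI blocks returns an empty list when the chain is complete and one message per gap otherwise.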
Copyright 2024 Fortinet, Inc. All Rights Reserved.