FortiProxy
FortiProxy provides enterprise-class protection against internet-borne threats and Advanced Web Content Caching
Adryan_you
Staff
Article Id 273864
Description This article describes how to configure FortiProxy, acting as a child proxy, so that it does not perform DNS lookups for client HTTP requests to specific URLs.
Scope FortiProxy.
Solution

By default, in an explicit proxy-chain setup, FortiProxy acting as the child proxy performs a DNS lookup for each client HTTP request it intercepts.

In the example setup, FortiProxy (child proxy) intercepts incoming HTTP requests from the user and then forwards them to FortiGate (parent proxy).

Computer IP@: 10.100.3.119
FPX (childproxy) IP@: 10.100.3.140
FGT (parentproxy) IP@: 10.100.2.210
FGT WAN IP@: 10.47.2.210

 

deployment-01.png

 

FortiProxy will perform a DNS lookup on a client request. Refer to the packet capture screenshot below:

dns-lookup-01.png

 

To exempt a URL from DNS lookup on FortiProxy (child proxy), configure a 'Server URL' entry so that FortiProxy does not perform the DNS lookup for that URL and leaves it to the parent proxy.

The following configuration exempts the URL "example.com" from DNS lookup on the child proxy.

config web-proxy url-match
    edit "URL-Forward-Example.com"
        set url-pattern "example.com"
        set forward-server "Proxy-Chain-Parent-Proxy"
        set cache-exemption enable
    next
end

 

With the Server URL configuration in place, FortiProxy does not perform a DNS lookup for URLs that match the Server URL setting. Refer to the packet capture screenshot below:

dns-lookup-2.png
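
The before/after comparison shown in the two captures can also be checked from text output. The following is an added example, not part of the original article: it scans `tcpdump -n` text lines for DNS queries sent by the child proxy for the exempted domain. The capture lines, the DNS server address 10.100.3.1, and treating subdomains of the pattern as exempt are assumptions made for illustration.

```python
import re

# tcpdump -n text format for a DNS query:
#   <time> IP <src>.<sport> > <dst>.53: <id><flags> [opts] <qtype>? <qname>. (<len>)
DNS_QUERY = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > \d+\.\d+\.\d+\.\d+\.53: "
    r"\d+[+%]*(?: \[\w+\])? (?P<qtype>[A-Z]+)\? (?P<qname>\S+?)\.? "
)

def child_proxy_lookups(lines, child_ip, exempt_domain):
    """Return (qtype, qname) for each DNS query sent by child_ip for
    exempt_domain or a subdomain. An empty list means the child proxy
    left resolution to the parent proxy."""
    exempt = exempt_domain.lower().rstrip(".")
    hits = []
    for line in lines:
        m = DNS_QUERY.match(line)
        if not m or m["src"] != child_ip:
            continue  # not a DNS query, or not sent by the child proxy
        qname = m["qname"].lower()
        if qname == exempt or qname.endswith("." + exempt):
            hits.append((m["qtype"], qname))
    return hits

FPX = "10.100.3.140"  # child proxy address from the article

# Constructed capture before the url-match entry: FPX resolves the name itself.
BEFORE = [
    "10:15:01.100001 IP 10.100.3.140.40112 > 10.100.3.1.53: 4660+ A? example.com. (29)",
    "10:15:01.100950 IP 10.100.3.1.53 > 10.100.3.140.40112: 4660 1/0/0 A 192.0.2.10 (45)",
    "10:15:01.101200 IP 10.100.3.140.40113 > 10.100.3.1.53: 4661+ [1au] AAAA? www.example.com. (44)",
    "10:15:02.000300 IP 10.100.3.140.40114 > 10.100.3.1.53: 4662+ A? other.test. (28)",
]

# Constructed capture after the url-match entry: only the parent proxy resolves.
AFTER = [
    "10:20:01.200001 IP 10.100.2.210.51500 > 10.100.3.1.53: 7001+ A? example.com. (29)",
    "10:20:02.000300 IP 10.100.3.140.40120 > 10.100.3.1.53: 4670+ A? other.test. (28)",
]

if __name__ == "__main__":
    for label, capture in (("before", BEFORE), ("after", AFTER)):
        hits = child_proxy_lookups(capture, FPX, "example.com")
        print(label, "->", hits if hits else "no child-proxy lookups")
```
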