FortiGate
pbangari
Staff
Article Id 273868
Description This article describes how to configure a proxy policy when using a web proxy forward server.
Scope FortiGate.
Solution

In a proxy setup, the forward-server configuration is as follows:

config web-proxy forward-server
    edit "proxy-1"
        set ip 10.61.10.43
        set healthcheck enable
        set monitor "https://www.google.com"
    next
end

 

This forward server is reachable via port3:

Routing table for VRF=0
S* 0.0.0.0/0 [10/0] via 10.5.31.254, port1, [1/0]
C 10.5.16.0/20 is directly connected, port1
C 10.5.48.0/20 is directly connected, port2
C 10.61.0.0/20 is directly connected, port3
C 172.31.128.0/20 is directly connected, port4

 

However, the proxy policy must be configured according to the default route on the FortiGate (port1 in this routing table), not with the outgoing interface set to port3. If the outgoing interface is set to port3, traffic will not hit the policy.

Correct proxy policy for the above scenario:

config firewall proxy-policy
    edit 1
        set uuid cacd1f0e-506d-51ee-6c1d-9727ee9c89fd
        set name "test"
        set proxy explicit-web
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"
        set logtraffic all
        set webproxy-forward-server "proxy-1"
        set utm-status enable
    next
end
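
The rule above can be checked offline against a saved routing table and proxy-policy configuration. The following Python is an added example, not Fortinet code or part of the original article; the function names, the trimmed sample text and policy 2 are constructed for illustration.

```python
import re

# Constructed sample modelled on the article; policy 2 is a made-up misconfiguration.
ROUTES = """\
S* 0.0.0.0/0 [10/0] via 10.5.31.254, port1, [1/0]
C 10.61.0.0/20 is directly connected, port3
"""
POLICIES = """\
config firewall proxy-policy
    edit 1
        set dstintf "port1"
        set webproxy-forward-server "proxy-1"
    next
    edit 2
        set dstintf "port3"
        set webproxy-forward-server "proxy-1"
    next
end
"""

def default_route_interface(routes):
    """Return the egress interface of the 0.0.0.0/0 route, or None."""
    for line in routes.splitlines():
        m = re.search(r"(?:^|\s)0\.0\.0\.0/0\s.*?via\s+[\d.]+,\s*([\w.-]+)", line)
        if m:
            return m.group(1)

def parse_policies(config):
    """Yield (policy_id, settings) for each 'edit ... next' block."""
    policy_id, settings = None, {}
    for raw in config.splitlines():
        parts = raw.split(None, 2)
        if len(parts) >= 2 and parts[0] == "edit":
            policy_id, settings = parts[1], {}
        elif len(parts) == 3 and parts[0] == "set" and policy_id is not None:
            settings[parts[1]] = parts[2].strip().strip('"')
        elif parts == ["next"] and policy_id is not None:
            yield policy_id, settings
            policy_id = None

def misrouted_policies(routes, config):
    """Forward-server policies whose dstintf is not the default-route interface."""
    expected = default_route_interface(routes)
    return [(pid, s.get("dstintf"), expected)
            for pid, s in parse_policies(config)
            if "webproxy-forward-server" in s and s.get("dstintf") != expected]

if __name__ == "__main__":
    print(misrouted_policies(ROUTES, POLICIES))
```

Each tuple returned is (policy id, configured dstintf, default-route interface); an empty list means every forward-server policy follows the default route.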

 

Use the following command to verify the health of the forward server:

diag sys health-check show

Note:

Both the explicit proxy device and the forward server should be able to resolve the hostnames for the requests coming from the client.