Explicit proxy with web caching

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

In this example, you will add explicit proxy with web caching to your wireless network.

All devices on the wireless network will be required to connect to the proxy at port 8080 before they can browse web pages on the Internet. WAN Optimization web caching is added to reduce the amount of Internet bandwidth used and improve web browsing performance.

1. Enabling WAN Optimization and configuring the explicit web proxy for the wireless interface

Go to System > Config > Features. Ensure that Explicit Proxy and WAN Opt & Cache are enabled.
Turn on WAN Optimization & Web Caching
Go to System > Network > Interfaces, edit the wireless interface and select Enable Explicit Web Proxy.  Enable the Explicit web proxy on a FortiGate interface
Go to System > Network > Explicit Proxy. Select Enable Explicit Web Proxy for HTTP/HTTPS. Make sure that Default Firewall Policy Action is set to Deny.

2. Adding an explicit web proxy policy

Go to Policy & Objects > Policy > Explicit Proxy and create a new policy. Set Explicit Proxy Type to Web and the Outgoing Interface to the Internet-facing interface.  
Turn on Web Cache.

3. Configuring devices on the wireless network to use the web proxy

To use the web proxy, all devices on the wireless network must be configured to use the explicit proxy server. The IP address of the server is the IP address of the FortiGate’s wireless interface (in the example, 10.10.80.1) and the port is 8080. Some browsers may have to be configured to use the device’s proxy settings.

Windows Vista/7/8:

Open Internet Properties. Go to Connections > LAN Settings and enable and configure the Proxy Server.

Mac OS X:

Open Network Preferences > Wi-Fi > Advanced > Proxies. Select Web Proxy (HTTP) and configure the proxy settings.

iOS:

Go to Settings > Wi-Fi. Edit the wireless network. Scroll down to HTTP PROXY select Manual and configure the proxy settings.

 iOS explicit web proxy setup

Android:

In WiFi network connection settings, edit the wireless network. Select Show advanced options, configure a Manual proxy and enter the proxy settings.

Andriod explicit proxy setup

4. Force HTTP and HTTPS traffic to use the Web Proxy

Block HTTP and HTTPS access to the Internet from the wireless network so that the only path to the Internet is through the explicit proxy. You can edit or delete policies that allow HTTP or HTTPS access. You can also add a policy to the top of the list that Denies HTTP and HTTPS traffic.  Deny HTTP and HTTPS traffic

5. Results

To confirm that the proxy is processing traffic, attempt to connect to the Internet from the wireless network using a device that has not been configured to connect to the proxy. Access should be blocked.  
Configure the device to use the proxy. You should now be able to connect to the Internet.
Go to WAN Opt. & Cache > Monitor > WAN Opt. Monitor to view WEBPROXY traffic in the Traffic Summary.Check the Bandwidth Optimization graph for WEBPROXY traffic
 
Go to WAN Opt. & Cache > Monitor > Cache Monitor to view web caching activity.
 

For further reading, check out The FortiGate explicit web proxy in the FortiOS 5.2 Handbook.

Bill Dickie

Our Fearless Documentation Leader at Fortinet
After completing a science degree at the University of Waterloo, Bill began his professional life teaching college chemistry in Corner Brook, Newfoundland and fell into technical writing after moving to Ottawa in the mid '80s. Tech writing stints at all sorts of companies finally led to joining Fortinet to write the first FortiGate-300 Administration Guide.

Latest posts by Bill Dickie (see all)

  • Was this helpful?
  • Yes   No
WAN Optimization and WAN Optimization Web Caching is not available on all FortiGate models. For information about which models support this feature see the FortiOS Feature/Platform matrix (http://docs.fortinet.com/d/fortigate-fortios-5.2.4-feature-platform-matrix). Your FortiGate does not require WAN Optimization Web Caching to configure the explicit proxy. You can skip the WAN Optimization Web Caching steps if your FortiGate does not support this feature.
This step is only available if your FortiGate supports WAN Optimization and Web Caching.
  • Pablo

    “Go to WAN Opt. & Cache > Monitor > Cache Monitor to view web caching activity.” This option is disabled in the GUI in 5.2.4