AnsweredHot!Forticache explicit proxy.

Author
rocampo
Silver Member
  • Total Posts : 89
  • Scores: 5
  • Reward points: 0
  • Joined: 2006/07/24 02:43:30
  • Status: offline
2015/10/13 16:23:32 (permalink)
0

Forticache explicit proxy.

Hi,
 
Anyone has a procedure to configure Forticache
as an explicit proxy?
 
#1
Carl Windsor_FTNT
Fortinet
  • Total Posts : 248
  • Scores: 38
  • Reward points: 0
  • Joined: 2012/05/02 03:09:16
  • Location: United Kingdom
  • Status: offline
Re: Forticache explicit proxy. 2015/10/14 03:58:50 (permalink) ☼ Best Answerby rocampo 2015/10/14 05:39:45
0
**I recommend that you use the new Fortinet Community Portal - FUSE going forwards**
 
First port of call is the FortiCache Admin Guide but in summary the minimum configuration to get up and running is:
  • Ensure the FortiCache is set up with the basic networking (interface IPs, Static Route, DNS)
    • If this is a VM, ensure your data disks are mounted, formatted and assigned to the cache process
  • Enable Explicit Proxy on the client facing FCH interface under Firewall Objects > Explicit Proxy > Explicit
  • Configure a Firewall Policy between the Explicit Interface and the Internet.  Test that this works first, then enable caching (as shown in this screenshot).
    • To test, change your browser setting to point at the FAC IP on port 8080 if you use the defaults in Firewall Objects > Explicit Proxy > Explicit
There are other setting which you can look at changing once you have the basics set up e.g. PAC files, alternate ports, FTP over HTTP but get the basics working first, then move on.
 

Dr. Carl Windsor
Field Chief Technology Officer
Fortinet
#2
rocampo
Silver Member
  • Total Posts : 89
  • Scores: 5
  • Reward points: 0
  • Joined: 2006/07/24 02:43:30
  • Status: offline
Re: Forticache explicit proxy. 2015/10/14 05:56:29 (permalink)
0
Got this to work earlier.
I posted on this forum since when default port (8080) was used, the browser was
getting "connection refused" errors - I thought I was missing something.
Only when I changed the default port did it work.
I'm surprised the Admin Guide does not have a procedure on this.
Although, I've noticed, video traffic running on HTTPS is not being cached for some reason.
This is actually just a side step, to a more complicated setup which involves the Forticache being
integrated with a FG1000D via WCCP. HTTP caching is working on that setup but HTTPS is not working.
I wanted to try the Explicit Proxy setup just to make sure HTTPS proxy can work.
I've got a ticket opened for the "WCCP-HTTPS" problem, still waiting for an Engineer to take ownership.
Thank you for the reply, your answer leads to a solution.
 
 
Carl Windsor
**I recommend that you use the new Fortinet Community Portal - FUSE going forwards**
 
First port of call is the FortiCache Admin Guide but in summary the minimum configuration to get up and running is:
  • Ensure the FortiCache is set up with the basic networking (interface IPs, Static Route, DNS)
    • If this is a VM, ensure your data disks are mounted, formatted and assigned to the cache process
  • Enable Explicit Proxy on the client facing FCH interface under Firewall Objects > Explicit Proxy > Explicit
  • Configure a Firewall Policy between the Explicit Interface and the Internet.  Test that this works first, then enable caching (as shown in this screenshot).
    • To test, change your browser setting to point at the FAC IP on port 8080 if you use the defaults in Firewall Objects > Explicit Proxy > Explicit
There are other setting which you can look at changing once you have the basics set up e.g. PAC files, alternate ports, FTP over HTTP but get the basics working first, then move on.
 




#3
Carl Windsor_FTNT
Fortinet
  • Total Posts : 248
  • Scores: 38
  • Reward points: 0
  • Joined: 2012/05/02 03:09:16
  • Location: United Kingdom
  • Status: offline
Re: Forticache explicit proxy. 2015/10/14 06:12:13 (permalink)
0
rocampo
Although, I've noticed, video traffic running on HTTPS is not being cached for some reason.

 
I am assuming you have enabled HTTPS Inspection on the firewall policy.  If so, add the following command to the firewall policy (CLI only). 
 
config firewall policy
   edit 1
       set srcintf "Explicit_Proxy"
       set dstintf "port1"
       set srcaddr "all"
       set dstaddr "all"
       set action accept
       set schedule "always"
       set service "webproxy"
       set utm-status enable
       set logtraffic all
       set logtraffic-start enable
       set log-http-transaction enable
       set webcache enable
       set webcache-https any            <------ Required to cache video content
       set profile-protocol-options "default"
       set deep-inspection-options "default"
  next
end

Dr. Carl Windsor
Field Chief Technology Officer
Fortinet
#4
rocampo
Silver Member
  • Total Posts : 89
  • Scores: 5
  • Reward points: 0
  • Joined: 2006/07/24 02:43:30
  • Status: offline
Re: Forticache explicit proxy. 2015/10/14 06:14:42 (permalink)
0
 
That one I missed. :)
#5
rocampo
Silver Member
  • Total Posts : 89
  • Scores: 5
  • Reward points: 0
  • Joined: 2006/07/24 02:43:30
  • Status: offline
Re: Forticache explicit proxy. 2015/10/14 06:36:44 (permalink)
0
Btw, these 2 commands:
 
 set profile-protocol-options "default"
  set deep-inspection-options "default"
Are not available for Explicit Proxy ---> Internet Facing Interface, Firewall Policy.
 
 
#6
ashley.beeharry@angloenterprises.com
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/12/03 22:11:56
  • Status: offline
Re: Forticache explicit proxy. 2018/12/04 03:54:45 (permalink)
0
Hello,

Has there been any solution to got this work.

Had the same issue and only HTTP is being cached.
 
Any idea on how to cache HTTPS?
 
Support also not helping a lot on this issue.
 
Regards,
Ashley
#7
Jump to:
© 2019 APG vNext Commercial Version 5.5