Hot!Explicit web proxy - advantages ?

Author
spyke62
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/07/24 07:34:33
  • Status: offline
2017/07/24 08:29:19 (permalink)
0

Explicit web proxy - advantages ?

Hi,
 
I use fortios 5.2 / 5.4 
 
I only use transparent proxy and manage rules (server, nat, users access) via the menu "Policy -> IPV4" 
 
I know when you activate explicite proxy, a new menu is available to use access via fortgate explicite proxy.
You need to configure web browser firewall  with IP and port. 
 
But what is the advantages of using the explicit proxy rather than transparent proxy ? 
 
Thank you, 
Spyke 
 
#1

4 Replies Related Threads

    ipns
    New Member
    • Total Posts : 12
    • Scores: 1
    • Reward points: 0
    • Joined: 2017/03/16 06:41:47
    • Status: offline
    Re: Explicit web proxy - advantages ? 2017/07/25 23:10:04 (permalink)
    0
    Hi,
     
    In my opinion it's better to use the proxy rather than the explicit proxy. Some applications have some issues with explicit proxy and will not use it. So for a more complete picture, you use normal proxy.
    When you have a company which devides the network management and system management to different departments, it may be handy to let the proxy settings be managed by the system management. Then u can choose to use explicit proxy so system management can alter the settings by using GPO's.
    But in the end, when you have the choice, don't use explicit proxy.

    Kind Regards, 
    IPNS
    #2
    Wurstsalat
    New Member
    • Total Posts : 12
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/10/18 01:05:35
    • Status: offline
    Re: Explicit web proxy - advantages ? 2017/08/03 05:34:08 (permalink)
    0
    On fortios 5.2/5.4 you cant use web authentication...with 5.6 you have this ability. The ip based authentication method was for me never really realiable...so if you want authentication which is a bit reliable, go for explicit or fortios 5.6 (would not recommend at the Moment)
    If you want something like forms based auth (for whatever reason, disclaimer or what else), go for explicit
    if you want to control your web traffic, you want ssl deep inspection, you go better with explicit
     
     
    #3
    emnoc
    Expert Member
    • Total Posts : 4216
    • Scores: 237
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Status: offline
    Re: Explicit web proxy - advantages ? 2017/08/03 07:36:28 (permalink)
    0
    Advantages ( explicit )
     
    You can enforce user proxy  via groups
    controls  id-polices  ( identity )
    You have more controls over what SSL or now I guess TLS ciphers that are in used
    header insertions
    You can craft numerous  explicit proxy that  indirectly have different profiles
     
    e.g in a schoold
     
     explicitproxy 01 ---Police, resource Officers, Faculty
     explicitproxy 02 -- students K-4
     explicitproxy 03 -- students 5-8
     explicitproxy 04 -- students 9-12
     explicitproxy 05 -- guest
     
    Each could have it owns authentication methods
     
    e.g
     
    Proxy 01  local
    Proxy 02  LDAP elem.example.edu
    Proxy 03  LDAP middle.example.edu
    Proxy 04  LDAP high.example.edu
     
     
     
    Dis-advanatge, you need a hard configuration or some type of PAC or AUTO-discovery
     
     
    Adv/Dis-advantage of explicit are the reverse in transparent.

    PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
    #4
    MikePruett
    Platinum Member
    • Total Posts : 644
    • Scores: 12
    • Reward points: 0
    • Joined: 2014/01/08 19:39:40
    • Location: Montgomery, Al
    • Status: online
    Re: Explicit web proxy - advantages ? 2017/08/03 20:30:23 (permalink)
    0
    I have a client for a school that uses explicit proxy for interior and exterior users. Loves it and swears by it. Does what was mentioned previously and gives each group their own policy.
     
    Disperses via PAC file

    Mike Pruett
    Fortinet GURU
    #5
    Jump to:
    © 2017 APG vNext Commercial Version 5.5