Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
info2
New Contributor

How to route 1 VLAN's internet traffic through a proxy on another VLAN?

Could someone, as if they were speaking to a child, explain the steps and infrastructure I would need to accomplish this:

I have a Fortigate 60e firewall.

 

I have been tasked with setting up a network with 4 VLANs with different subnets. VLAN1 contains a proxy server and there is to be no internet access except through this proxy for both VLAN1 AND VLAN2. VLAN 3 and 4 I can control normally with the 60e policies. 

So far I am thinking, create 4 vlans in the 60e.

Vlan 3 and 4 are fine to deal with normally.

Now I just don't understand networking enough to know what to do from here.

How do I set up a proxy on VLAN 1 (squid?) and then how do I get traffic from vlan2's subnet going over to vlan1's subnet and going through the proxy? How does that work?

Gateways, switches, broadcast domains, multiple subnets???

 

Could someone please give me a little guidance here?

 

I feel out of my depth here so thanks for any help guys :)

 

Jono

4 REPLIES
orani
Contributor II

Let's assume that you are talking about L2 VLANs. Then you have to set your VLAN 2 machines to use your proxy at some port. Then you have to configure a policy on your firewall from VLAN 2 to VLAN 1 accepting the traffic for your proxy port. Also configure a policy for the proxy from VLAN 1 accepting internet traffic. I think that would be fine.

Orestis Nikolaidis

Network Engineer/IT Administrator

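The two policies described in the reply above, sketched as FortiOS CLI configuration. This is an added example, not part of the original thread. The interface names (`vlan1`, `vlan2`, `wan1`), the subnets, the proxy address 10.0.1.10 and the Squid default port 3128 are all assumptions to be replaced with your own values.

```fortios
# Constructed addressing (assumption): VLAN1 = 10.0.1.0/24, VLAN2 = 10.0.2.0/24
config firewall address
    edit "proxy-host"
        set subnet 10.0.1.10 255.255.255.255
    next
    edit "vlan2-net"
        set subnet 10.0.2.0 255.255.255.0
    next
end
# Proxy listening port (assumption: Squid default http_port 3128)
config firewall service custom
    edit "proxy-3128"
        set tcp-portrange 3128
    next
end
config firewall policy
    # Policy 1: VLAN2 clients may reach only the proxy, only on its port
    edit 0
        set name "vlan2-to-proxy"
        set srcintf "vlan2"
        set dstintf "vlan1"
        set srcaddr "vlan2-net"
        set dstaddr "proxy-host"
        set action accept
        set schedule "always"
        set service "proxy-3128"
        set logtraffic all
    next
    # Policy 2: only the proxy host itself may leave VLAN1 for the internet
    edit 0
        set name "proxy-to-internet"
        set srcintf "vlan1"
        set dstintf "wan1"
        set srcaddr "proxy-host"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set nat enable
        set logtraffic all
    next
end
# No vlan2->wan1 policy and no vlan1->wan1 policy for other hosts is created,
# so the implicit deny at the end of the policy list blocks direct internet access.
```

Other VLAN1 machines sit on the same subnet as the proxy, so they reach it directly without crossing the firewall and need no policy of their own.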
smari
New Contributor

If you are only talking about web traffic, look into explicit web proxy:

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-WAN-opt-54/web_proxy.htm#Example_exp...

If you are terminating the L2 vlans on the Fortigate this shouldn't be a problem.

Web proxy is configured in the browser in most cases, like in Firefox:

Preferences -> Network Settings -> Manual proxy configuration

NSE7, FMG, FAC, FAZ .

1500D's, 1200D's, 900D's, 300D's, 200D's, 100D's and bunch of small stuff.

 

info2
New Contributor

Guys thanks so much for the help... I am trying to implement now. Will let you know how it goes!

 

info2
New Contributor

Just to follow up, this worked great. Fortigates are awesome!
