Unknown HTTP version
You can select the action to take when the proxy server must handle an unknown HTTP version request or message. Set unknown HTTP version to Reject or Best Effort. Best Effort attempts to handle the HTTP traffic as best as it can. Reject treats known HTTP traffic as malformed and drops it. The Reject option is more secure.
You can enter an authentication realm to identify the explicit web proxy. The realm can be any text string of up to 63 characters. If the realm includes spaces enclose it in quotes. When a user authenticates with the explicit web proxy the HTTP authentication dialog includes the realm so you can use the realm to identify the explicitly web proxy for your users.
Implementing Botnet features
The option scan-botnet-connections can be added to an explicit proxy policy.
config firewall explicit-proxy-policy
set scan-botnet-connections [disable|block|monitor]
- disable means do not scan connections to botnet servers.
- block means block connections to botnet servers.
- monitor means log connections to botnet servers.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!