I'd recommend taking a look at FortiProxy.
Here's one video to start with:
FortiProxy Overview & Setup on EXSI
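If you have a Fortinet Support account,
you should be able to download the OVF.
I've also tried FortiGate with web cache + SSL decryption myself,
but since it's a paid solution, I'm still considering it for now.
I'm currently testing Squid installed on pfSense,
with local cache + SSL decryption configured, and the hit rate seems pretty good.
I just don't know whether there's anything better.
Are you using explicit proxy
or transparent proxy?
If you're worried about having to pay the web filter license fee,
you actually only need to resolve the URL (no license fee needed),
then set up an FQDN to block it.
By the way, SSL decryption performance is pretty good these days.
Which FortiGate model are you using?
Explicit proxy.
The license fee thing is a bit odd.
When I tested with the latest free VM,
I found that without FortiCare, SSL decryption seemed to stop working,
and then the web cache became useless.
On the regular hardware 201E, because it has FortiCare, I haven't run into the same problem yet.
Of course the FortiGate-VM trial won't work.
Take a look at the documentation.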
FortiGate-VM evaluation license
Which sentence says there's no SSL inspection? -.-
When spinning up a new FortiGate-VM, you choose to log in to FortiCare to activate the VM trial or upload a new license.
Limitations of the evaluation VM license include the following:
Maximum of one free evaluation copy per FortiCare account
Support for low encryption operation only, except for GUI management access and FortiManager communications
Maximum of 1 CPU and 2 GB of memory
Maximum of three interfaces, firewall policies, and routes
No FortiCare support
No FortiGuard support
Support for a maximum of two virtual domains (VDOM). When using multi-VDOM mode, the root VDOM must be an admin type and the other can be a traffic VDOM. See VDOM types.
What is a Low Encryption Device (LENC)? What are the restrictions?
Low Encryption means that the FortiGate, FortiMail or FortiCache device cannot use or inspect high encryption protocols such as 3DES and AES. It only uses a 56-BIT DES encryption to work with SSL VPN and IPSec VPN and it is not able to perform SSL Inspection.
FortiGate can use security profiles but they cannot assess or take action on encrypted traffic.
Shit.