FortiWeb Administration Guide PDF 14 wrz 2020 SSL offloading

FortiWeb 6.4.0 Administration Guide

30 cze 2021 SSL inspection cipher suites and protocols (offline and Transparent Inspection). 284. CA certificates. 285. Importing CA certificate files ...

FortiWeb Cloud User Guide

11 sie 2020 Importing/Getting/Deleting intermediate certificates ... Off: FortiWeb Cloud automatically retrieves the SSL certificate used to.

FortiWeb Cloud User Guide

10 lip 2019 You can later go to Network > Endpoints for advanced settings such as specifying the SSL certificate SSL protocols

FortiWeb Administration Guide

14 wrz 2020 SSL offloading cipher suites and protocols (Reverse Proxy and True Transparent ... Configure FortiWeb to validate server certificates.

FortiWeb 6.3.11 CLI Reference

1 kwi 2021 system certificate intermediate-certificate-group ... You can use either interface or both to configure the FortiWeb appliance.

FortiWeb Cloud User Guide

21 mar 2020 Importing/Getting/Deleting intermediate certificates ... Off: FortiWeb Cloud automatically retrieves the SSL certificate used to.

FortiWeb 7.0.1 Trouble-shooting Guide

22 kwi 2022 Decrypting SSL packets to analyze traffic issues ... To verify configure FortiWeb to detect the attack

FortiWeb 6.3.5 CLI Reference

22 lip 2020 system certificate intermediate-certificate-group ... You can use either interface or both to configure the FortiWeb appliance.

FortiWeb 6.0.4 Administration Guide

24 kwi 2019 SSL offloading cipher suites and protocols (Reverse Proxy and True Transparent Proxy) ... Configure FortiWeb to validate server certificates.

FortiWeb 5.7.1 Administration Guide

3 cze 2020 Example: Importing the personal certificate & private key to a client's ... can be negotiated between FortiWeb and clients via SSL ALPN ...

Switch

FortiGate

Protected Web

ServersAdministratorFortiWeb

Client

Set-Cookie: name=cookiesession1...

Cookie: name=cookiesession1...

FortiWeb AFortiWeb B

FortiWeb HA pair

Standby

Active

ModifyFailover

Set-Cookie: name=cookiesession1...

Cookie: name=cookiesession1...

Cookies accepted

though sessions are not synchronizedActive

Standby

XML attacksFlash, XSS, SQL injection

IP spoongViruse

FortiGate + FortiWeb

FortiWeb

10.0.2.1

port2192.0.2.1 port3Web

Server 1

Web

Server 2

Client

10.0.2.200

FortiADC

FortiWeb Sees

HTTP ClientÕs IP

Block 10.0.2.200?

10.0.2.1

port2192.0.2.1 port3 Web

Server 1

Web

Server 2

Client

10.0.2.200

FortiADC

SNAT Hides

HTTP ClientÕs IP

192.0.2.2

port2172.0.2.1 port3

FortiWeb

Block 192.0.2.1?

10.0.2.1

port2192.0.2.1 port3 Web

Server 1

Web

Server 2

Client

10.0.2.200

FortiADC

FortiWeb Sees

HTTP ClientÕs IP

192.0.2.2

port2172.0.2.1 port3

GET /index.php

X-Real-IP:

10.0.2.200,192.0.2.1

FortiWeb

Block 10.0.2.200?

FortiWeb

10.0.2.1

port2port3

192.0.2.1

Switch

192.0.2.2/24

192.0.2.3/24

Web

Server 1

Web

Server 2

Client

FortiGate

port3

192.0.2.2HTTP

Only

HTTP &

SFTP SFTP

Scanned

HTTP

FortiGateClient

port2

10.0.2.1port3192.0.2.1

192.0.2.3/24

Web

Servers

FortiWeb

192.168.1.1/24

LAN port1

172.16.1.10/24port3

(bridge1)port4 (bridge1)

Client

Administrator

LALAN

FortiGate

Switch

192.168.1.4/24

Web

Server 2

192.168.1.3/24

Web

Server 1

FortiWeb

192.168.1.1/24

port2

Switch

192.168.1.3/24

192.168.1.4/24

Web

Server 1

Web

Server 2

Client

FortiGate

FortiWeb resets TCP

connection if it detects policy violation

FortiWeb

port3

172.22.80.1/24

port3

172.22.80.100/24

Client

FortiGate

Switch

192.168.1.5/24

Web

Server 2

192.168.1.4/24

Web

Server 1

HTTP and HTTPS

Scanned

HTTP and

HTTPS non-HTTP port1 port2

192.168.1.1/24

FortiGate

Servers

Clients

Switch

To fail over, standby sends

gratuitous ARP

OE. This causes

network to transfer all FortiWeb

VMAC & IP addresses to

ports linked to standby

10.0.0.1

10.0.1.1

10.0.2.1

port1

FortiWeb HA pair

port3 port4

Standby

192.168.1.1

port2

192.168.1.2-4

Heartbeat

Links

OE arp reply 10.0.0.1

is-at 00:09:0f:09:00:00 (00:09:0f:09:00:00) arp reply 10.0.1.1 is-at 00:09:0f:09:00:00 (00:09:0f:09:00:00) arp reply 10.0.2.1 is-at 00:09:0f:09:00:00 (00:09:0f:09:00:00)arp reply 192.168.1.1is-at 00:09:0f:09:00:02(00:09:0f:09:00:02) port2port1 vserver1 vserver2Active (Failed) port1

FortiWeb

transparent proxy

FortiWeb

transparent proxy

FortiADC

192.168.1.1

port2

Client

Switch

192.168.1.2/24

192.168.1.3/24

quotesdbs_dbs5.pdfusesText_9

[PDF] FortiWeb Administration Guide 14 wrz 2020 SSL offloading

Switch

FortiGate

Protected Web

ServersAdministratorFortiWeb

Client

Set-Cookie: name=cookiesession1...

Cookie: name=cookiesession1...

FortiWeb AFortiWeb B

FortiWeb HA pair

Standby

Active

ModifyFailover

Set-Cookie: name=cookiesession1...

Cookie: name=cookiesession1...

Cookie: name=cookiesession1...

Cookies accepted

Standby

XML attacksFlash, XSS, SQL injection

IP spoongViruse

FortiGate + FortiWeb

FortiWeb

10.0.2.1

Server 1

Server 2

Client

10.0.2.200

FortiADC

FortiWeb Sees

HTTP ClientÕs IP

Block 10.0.2.200?

10.0.2.1

Server 1

Server 2

Client

10.0.2.200

FortiADC

SNAT Hides

HTTP ClientÕs IP

192.0.2.2

FortiWeb

Block 192.0.2.1?

10.0.2.1

Server 1

Server 2

Client

10.0.2.200

FortiADC

FortiWeb Sees

HTTP ClientÕs IP

192.0.2.2

GET /index.php

X-Real-IP:

10.0.2.200,192.0.2.1

FortiWeb

Block 10.0.2.200?

FortiWeb

10.0.2.1

192.0.2.1

Switch

192.0.2.2/24

192.0.2.3/24

Server 1

Server 2

Client

FortiGate

192.0.2.2HTTP

HTTP &

Scanned

FortiGateClient

10.0.2.1port3192.0.2.1

192.0.2.3/24

Servers

FortiWeb

FortiWeb

192.168.1.1/24

172.16.1.10/24port3

Client

Administrator

FortiGate