FortiWeb™ Web Application Security
Version 4.0.2
Administration Guide
Revision 2
7 April 2010
© Copyright 2010 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.

Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate®, FortiGate Unified Threat Management System, FortiGuard®, FortiGuard-Antispam, FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet®, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Regulatory compliance
FCC Class A Part 15 CSA/CUS
CAUTION: Risk of explosion if battery is replaced by incorrect type. Dispose of used batteries according to instructions.

Contents

Introduction
Registering your Fortinet product
Customer service & technical support
Training
Documentation
Scope
Conventions
IP addresses
Cautions, Notes, & Tips
Typographical conventions
Command syntax conventions
Characteristics of XML threats
Characteristics of HTTP threats

What's new

About the web-based manager
System requirements
URL for access
Settings
Language support & regular expressions

System
Viewing the system statuses
System Information widget
Changing the FortiWeb unit's host name
System Resources widget
CLI Console widget
Alert Message Console widget
Service Status widget
Policy Summary widget
Configuring the network interfaces
About VLANs
Configuring bridges
Configuring fail-open
Configuring the DNS settings
Configuring high availability (HA)
About the heartbeat and synchronization
Configuring the SNMP agent
Configuring an SNMP community
Configuring DoS protection
Configuring the operation mode
Configuring administrator accounts
About trusted hosts
Configuring access profiles
About permissions
Configuring the web-based manager's global settings
Managing certificates
Managing local and server certificates
Generating a certificate signing request
Downloading a certificate signing request
Uploading a certificate
Managing OCSP server certificates
Managing CA certificates
Grouping CA certificates
Managing certificates for intermediate CAs
Grouping certificates for intermediate CAs
Managing the certificate revocation list
Configuring certificate verification rules
Backing up the configuration & installing firmware
Configuring the time & date
Uploading signature updates
Scheduling signature updates

Router
Configuring static routes

User
Configuring local users
Configuring LDAP user queries
Configuring NTLM user queries
Grouping users

Server Policy
Configuring policies
Enabling or disabling a policy
Configuring virtual servers
Enabling or disabling a virtual server
Configuring physical servers
Enabling or disabling a physical server
Grouping physical servers into server farms
Configuring server health checks
Configuring custom services
Viewing the list of predefined services
Configuring protected hosts
Grouping the predefined data types
Viewing the list of predefined data types
Grouping the predefined suspicious URLs
Viewing the list of predefined URL rules

XML Protection
Configuring schedules
Configuring one-time schedules
Configuring recurring schedules
Configuring content filter rules
How priority affects content filter rule matching
Enabling or disabling a content filter rule
Configuring intrusion prevention rules
Enabling or disabling an intrusion prevention rule
Configuring WSDL content routing groups
Managing XML signature and encryption keys
Uploading a key
Grouping keys into key management groups
Managing Schema files
Enabling or disabling a Schema file
Managing WSDL files
Enabling and disabling operations in a WSDL file
Grouping WSDL files
Configuring XML protection profiles

Web Protection
Order of execution
Configuring input rules
Grouping input rules into parameter validation rules
Configuring page order rules
Configuring server protection rules
Configuring server protection exceptions
Configuring start pages
Configuring URL black list rules
Configuring URL white list rules
Blacklisting client IP addresses
Enabling or disabling IP address blacklisting
Viewing the top 10 IP black list candidates
Whitelisting client IP addresses
Configuring brute force login attack sensors
Configuring robot control sensors
Viewing the predefined list of well-known robots
Grouping predefined robots
Grouping custom robots
Configuring allowed method exceptions
Configuring hidden field rules
Grouping hidden field rules
Configuring URL rewriting
Grouping URL rewriting rules
Example: Rewriting URLs using regular expressions
Example: Rewriting URLs using variables
Configuring HTTP protocol constraints
Configuring HTTP authentication
Configuring authentication rules
Grouping authentication rules into authentication policies
Configuring inline web protection profiles
Configuring offline protection profiles
Configuring auto-learning profiles

Auto Learn
Generating an auto-learning profile and its components
Viewing auto-learning reports
About the attack count
Generating a profile from auto-learning data

Web Anti-Defacement
Configuring anti-defacement
About web site backups
Reverting a web site to a backup revision

Web Vulnerability Scan
Preparing for the vulnerability scan job
Configuring vulnerability scans
Viewing a vulnerability report

Log&Report
About logging
Log types
Log message severity levels
Configuring logging and alerts
Enabling logging and alerts
Obscuring sensitive data in the logs
Configuring logging to the local hard disk
Configuring logging to memory
Configuring logging to a Syslog server or FortiAnalyzer unit
Configuring and testing alerts
Viewing log messages
Customizing the log view
Displaying and arranging log columns
Filtering log messages
Grouping similar attack log messages
Configuring and generating reports
Configuring a report profile
Configuring the headers, footers, and logo of a report profile
Configuring the time period and log filter of a report profile
Configuring the query selection of a report profile
Configuring the advanced options of a report profile
Configuring the schedule of a report profile
Configuring the output of a report profile
Viewing and downloading reports

Installing firmware
Testing new firmware before installing it
Installing firmware
Installing backup firmware
Restoring firmware

Appendix A: Supported RFCs
Appendix B: Maximum values matrix
Appendix C: SNMP MIB support
Index

Introduction

Welcome and thank you for selecting Fortinet products for your network protection.

FortiWeb units are designed specifically to protect web servers.

Traditional firewalls and unified threat management (UTM) devices often understand the HTTP protocol, but do not understand simple object access protocol (SOAP) and other XML protocols and document types encapsulated within HTTP (RFC 2616). Because they lack in-depth inspection and analysis, traditional firewalls often cannot route connections based upon XML content. Worse still, attackers can bypass traditional firewall protection and cause problems for web servers that host HTML or XML-based services.

High performance is also important because XML and SOAP parsing requires relatively high amounts of CPU and memory resources. Traditional firewalls may be devoted to other business critical security functions, unable to meet performance requirements while also performing thorough scanning of XML and other HTTP document requests.

FortiWeb units are designed specifically to meet these needs. In addition to providing application content-based routing and in-depth protection for many HTTP/HTTPS- and XML-specific attacks, FortiWeb units contain specialized hardware to accelerate SSL processing, and can thereby enhance both the security and the performance of connections to your web servers.

This section introduces you to FortiWeb units and the following topics:
• Registering your Fortinet product
• Customer service & technical support
• Training
• Documentation
• Scope
• Conventions
• Characteristics of XML threats
• Characteristics of HTTP threats

Registering your Fortinet product

Before you begin, take a moment to register your Fortinet product at the Fortinet Technical Support web site, https://support.fortinet.com.

Many Fortinet customer services, such as firmware updates, technical support, and FortiGuard Antivirus and other FortiGuard services, require product registration.

For more information, see the Fortinet Knowledge Base article Registration Frequently Asked Questions.

Customer service & technical support

Fortinet Technical Support provides services designed to make sure that you can install your Fortinet products quickly, configure them easily, and operate them reliably in your network.

To learn about the technical support services that Fortinet provides, visit the Fortinet Technical Support web site at https://support.fortinet.com.

You can dramatically improve the time that it takes to resolve your technical support ticket by providing your configuration file, a network diagram, and other specific information. For a list of required information, see the Fortinet Knowledge Base article Technical Support Requirements.

Training

Fortinet Training Services provides classes that orient you quickly to your new equipment, and certifications to verify your knowledge level.

Fortinet provides a variety of training programs to serve the needs of our customers and partners world-wide.

To learn about the training services that Fortinet provides, visit the Fortinet Training Services web site at http://campus.training.fortinet.com, or email them at training@fortinet.com.

Documentation

The Fortinet Technical Documentation web site, http://docs.fortinet.com, provides the most up-to-date versions of Fortinet publications, as well as additional technical documentation such as technical notes.

In addition to the Fortinet Technical Documentation web site, you can find Fortinet technical documentation on the Fortinet Tools and Documentation CD, and on the Fortinet Knowledge Base.

Fortinet Tools and Documentation CD

Many Fortinet publications are available on the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For current versions of Fortinet documentation, visit the Fortinet Technical Documentation web site, http://docs.fortinet.com.

Fortinet Knowledge Base

The Fortinet Knowledge Base provides additional Fortinet technical documentation, such as troubleshooting and how-to articles, examples, FAQs, technical notes, and more. Visit the Fortinet Knowledge Base at http://kb.fortinet.com.

Comments on Fortinet technical documentation

Please send information about any errors or omissions in this technical document to techdoc@fortinet.com.

Scope

This document describes how to use the web-based manager of the FortiWeb unit. It assumes you have already successfully installed the FortiWeb unit by following the instructions in the FortiWeb Installation Guide.

At this stage:
• You have administrative access to the web-based manager and/or CLI.
• The FortiWeb unit is integrated into your network.
• The operation mode has been configured.
• The system time, DNS settings, administrator password, and network interfaces have been configured.
• Firmware updates have been completed.
• Basic policies have been configured.

Once that basic installation is complete, you can use this document. This document explains how to use the web-based manager to:
• maintain the FortiWeb unit, including backups
• reconfigure basic items that were configured during installation
• configure advanced features, such as customized protection profiles, logging, and reporting

This document does not cover commands for the command line interface (CLI). For information on the CLI, see the FortiWeb CLI Reference.

Conventions

Fortinet technical documentation uses the conventions described below.

IP addresses

To avoid publication of public IP addresses that belong to Fortinet or any other organization, the IP addresses used in Fortinet technical documentation are fictional and follow the documentation guidelines specific to Fortinet. The addresses used are from the private IP address ranges defined in RFC 1918: Address Allocation for Private Internets, available at http://ietf.org/rfc/rfc1918.txt?number-1918.

Cautions, Notes, & Tips

Fortinet technical documentation uses the following guidance and styles for cautions, notes and tips.

Caution: Warns you about commands or procedures that could have unexpected or undesirable results including loss of data or damage to equipment.

Note: Presents useful information, usually focused on an alternative, optional method, such as a shortcut, to perform a step.

Tip: Highlights useful additional information, often tailored to your workplace activity.

Typographical conventions

Fortinet documentation uses the following typographical conventions:

Convention: Button, menu, text box, field, or check box label
Example: From Minimum log level, select Notification.

Convention: CLI input
Example:
config system dns
set primary

Convention: CLI output
Example:
FGT-602803030703 # get system settings
comments : (null)
opmode : nat

Convention: Emphasis
Example: HTTP connections are not secure and can be intercepted by a third party.

Convention: File content
Example:
Firewall
Authentication
You must authenticate to use this service.

Convention: Hyperlink
Example: Visit the Fortinet Technical Support web site, https://support.fortinet.com.

Convention: Keyboard entry
Example: Type a name for the remote VPN peer or client, such as Central_Office_1.

Convention: Navigation
Example: Go to VPN > IPSEC > Auto Key (IKE).

Convention: Publication
Example: For details, see the FortiGate Administration Guide.

Command syntax conventions

The command line interface (CLI) requires that you use valid syntax, and conform to expected input constraints. It will reject invalid commands. Brackets, braces, and pipes are used to denote valid permutations of the syntax. Constraint notations, such as

Table 2: Command syntax notation

Convention: Square brackets []
Description: A non-required word or series of words. For example:
[verbose {1 | 2 | 3}]
indicates that you may either omit or type both the verbose word and its accompanying option, such as:
verbose 3

Convention: Angle brackets <>
Description: A word constrained by data type. To define acceptable input, the angled brackets contain a descriptive name followed by an underscore (_) and suffix that indicates the valid data type. For example:
Data types include:

Convention: Curly braces {}
Description: A word or series of words that is constrained to a set of options delimited by either vertical bars or spaces. You must enter at least one of the options, unless the set of options is surrounded by square brackets [ ].

Convention: Options delimited by vertical bars |
Description: Mutually exclusive options. For example:
{enable | disable}
indicates that you must enter either enable or disable, but must not enter both.

Convention: Options delimited by spaces
Description: Non-mutually exclusive options. For example:
{http https ping snmp ssh telnet}
indicates that you may enter all or a subset of those options, in any order, in a space-delimited list, such as:
ping https ssh
Note: To change the options, you must re-type the entire list. For example, to add snmp to the previous example, you would type:
ping https snmp ssh
If the option adds to or subtracts from the existing list of options, instead of replacing it, or if the list is comma-delimited, the exception will be noted.

Characteristics of XML threats

XML messages can be relatively large: many megabytes and thousands of packets. Unstructured matching of elements in those messages is complex and CPU- and memory-intensive.

Because of the complexity of XML content, it is often not practical to develop signatures for XML-specific attacks on a traditional firewall or UTM. This leads to "zero day" vulnerabilities before attacks can be characterized and signatures developed.

FortiWeb units understand the XML protocol, and only allow XML operations that you specifically allow. Table 3 lists several XML-related threats and describes how FortiWeb units protect against them.