anaudiyal
New Member
May 2, 2016
Solved

DNS Based or Host Header Based Forwarding


Hello Team,

 

I am in the process of choosing FortiGate-VM (on AWS) for one of my customers, for their requirement of having a firewall in front of their publicly hosted site(s). This firewall (single public IP exposed) will run on the public subnet and will front-end/proxy-front the web servers running in a different subnet. Since there are a couple of web services they want to expose, both running on the default HTTP port, is there any possibility to forward requests to different hosts as per the domain requested? For example:

 

www.example.com (pointing to 100.99.100.99) -> FortiGateVM -> Machine1 hosting this website on port 80.

www.actual.com (pointing to 100.99.100.99) -> FortiGateVM -> Machine2 hosting this website on port 80.

 

Any possibility of DNS virtual hosting (just like it is done on Apache) or Host header based forwarding?

 

Regards,

Amit


    Luiz_Alberto_Camilo
    Explorer II
    May 9, 2016

    My advice is that you go for FortiWeb or a reverse proxy device that can offer you more granular control, depending on what you need to achieve.

     

    FortiOS 5.4 has new WAF features that might help you; check this guide and look for "host header":

    http://docs.fortinet.com/uploaded/files/2770/fortigate-load-balancing-54.pdf

     

    cheers

    emnoc
    Answer
    New Member
    May 9, 2016

    FortiGate FortiOS has the ability to header-switch per VIP; it's simple, but if you have an HTTPS requirement this is probably not going to work. You will probably want an HTTPS rev-proxy with full SNI.

     

    Ken

    anaudiyal
    Author
    New Member
    May 10, 2016

    Hi,

     

    We are new to FortinetVM/Web/FortiOS. We are looking to implement the following features via the FortiGate service for AWS infrastructure:

    1. Fortinet instance working as NAT gateway for other instances in our AWS infra

    2. Domain/url based firewall filtering to block specific sites/url.

    3. www.example.com (pointing to 100.99.100.99) -> FortinetVM -> Machine1 hosting this website on port 80.
       www.actual.com (pointing to 100.99.100.100) -> FortinetVM -> Machine2 hosting this website on port 80.
       The Fortinet instance could be required to have two public IPs. If the same could be achieved with a single public IP, that would also be acceptable.

    Can you suggest which of the services on AWS provided by Fortinet would be suitable for achieving the above objectives?

    https://aws.amazon.com/marketplace/seller-profile?id=243a3a4c-e35a-49b0-9061-3f354bb2254e

     

    Some links/guides would be really helpful.

     

    Thanks for the help.