Skip to main content
khhussnain
khhussnain
New Member
January 8, 2019
Question

FortiWeb 100D Internet Access to Backend Server

  • January 8, 2019
  • 4 replies
  • 13642 views

We have deployed Fortiweb 100D in reverse proxy mode. We want to provide Internet access to backend servers through Foritweb. Applications that are hosted on backend servers are accessing properly using internet. But backend server has no internet connection showing via fortiweb. All virtual servers IP and also all fortinet interfaces IP's are pinging from backend server but the router gateway 192.168.11.5 is not pinging. Please help

    4 replies

    khhussnain
    khhussnainAuthor
    New Member
    January 9, 2019

    Any Update please!!!!

    khhussnain
    khhussnainAuthor
    New Member
    January 9, 2019

    Any Update please

    anasalomari
    anasalomari
    New Member
    January 9, 2019

    FortiWeb can not act as gateway for your servers, it just revers proxy.

    so you need to add tow Ethernet interfaces to your server and add deferente routes inside your server.

    or alternatively  ,you need add L3 device in front of your server and the do  routing on that L3 node.

     

    Anas

     

    khhussnain
    khhussnainAuthor
    New Member
    January 9, 2019

    Hello Anas,

     

    Thanks for your reply. So how can I get Internet to backed servers if there is no router. e.g Fortiweb True transparent proxy or Transparent inspection mode. I want to give Internet to backend servers using Fortiweb. I dnt have fortigate in my environment. Can I use policy route for this?

     

    asif_janjua88
    asif_janjua88
    New Member
    January 16, 2019

    Hi Khhussnain, 

     

    Navigate to the Networks -->Interfaces --> and click on WAN interface. On the WAN interface page make sure that you have check the option of PING which actually allow the PING on WAN interface. If it is enabled and still you are not able to reach the WAN interface then please check below. 

     

    Have you added the policy to allow all the trafic to WAN interface? Please create ploicy under IP4 and Policy section which accept the trafic from local LAN interface and destination would be WAN.

     

     

    khhussnain
    khhussnainAuthor
    New Member
    January 16, 2019

    Hi Asif,

     

    Thanks for your reply. Actually Foritweb 100D doesn't have WAN Ports. It only have 4 LAN Ports and I configured in Reverse proxy mode. I just want to get Internet Access to backend servers from Firewall. I have created Policy but its not working

    khhussnain
    khhussnainAuthor
    New Member
    January 23, 2019

    Hurry!

     

    Issue has been resolved. I called Fortinet Support and discussed issue with them. After long remote sessions we have resolved this issue. You need SNAT option in Fortiweb and for that you have to be on latest firmware version i-e 6.02.

    After that enable SNAT in Dashboard > Firewall > SNAT Policy

     

    Source Address: IP Scheme of Backed Servers

    Destination Address: 0.0.0.0/0

    Egress Port: Port that is connected to your Router (In my scenario Port 2)

    Translation Type: IP Address

    Translate IP Address: IP Address i-e connected to port 2 (192.168.100.150)

    Terms & ConditionsAccessibility statement