dirkdigs
New Member
April 17, 2019
Question

FortiWeb deployment question

Hello, I have an IIS web server currently connected to the DMZ interface on a Cisco ASA.

I will be adding a FortiWeb VM. (Everything is virtual.)

Do I set up an interface on my FortiWeb in the same DMZ, and then do I need to create a new subnet, set that as a second interface on the FortiWeb, and move my IIS web server to this new subnet?

Is this correct?

Also, I believe on my FortiWeb I create a virtual server IP using the original IP address of my IIS web server, AKA the old IP address from the DMZ subnet?

 

Thanks,

    abelio
    SuperUser
    April 17, 2019

    Hello Jason

    It depends on the deployment mode, actually.

    Assuming you'll go for the most used, reverse-proxy mode, if you configure, for instance, FortiWeb port1 as belonging to that DMZ, you'll need to renumber your IIS web servers' IP addresses and connect all of these 'behind' another WAF interface.

    On the other hand, if you adopt one of the transparent modes available, you could avoid renumbering, but (maybe) the whole setup becomes a little bit more complex, using v-bridge.

    dirkdigs
    Author
    New Member
    April 17, 2019

    Thanks for the reply. Yes, I was going to use reverse proxy mode.

    I will re-IP the web server. Thank you.