FortiWeb Protection in internal LAN

Question

Hello!

I have a question regarding a maybe out of the ordinary topology. Basically, I have a LAN of multiple clients (let's say 2 for ease of use), both clients need to access a webserver that is located in the same network as the clients. Something like this:

Network: 192.168.0.0/24

Client_1: 192.168.0.10

Client_2: 192.168.0.20

Web Server: 192.168.0.30

Now, is there any way that I can deploy a FortiWeb inside the LAN, so that the webserver is protected from potential attacks by Client 1 and Client 2? If so, how? I understand the basic topology where outside traffic from another network should pass through the FortiWeb and onwards to the network where the webserver is located...however how can I force clients to pass through the FortiWeb towards the webserver when they are on the same network? (for example, client_1 who tries to type [link]https://192.168.0.30/[/link] should first pass through FortiWeb and then reach the server).

Also, can you actually use it to block attacks? Or can it only alert and log them?

Thank you very much for your answers and I apologize if the question seems abit stupid.

abelio · Answer

HelloConsider True Transparent proxy, see attached schema copied/pasted from fortiweb admin manual In this operation mode you'll need to sacrifice ssl offloading and a few features but you could be able to meet the requirement.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded