Skip to main content
bzh87
bzh87
Explorer
March 13, 2022
Solved

fortiweb uses?

  • March 13, 2022
  • 2 replies
  • 7690 views

we just bought a fortiweb and in my network, most of our servers dont use http and https ports but instead they use ports like udp and tcp 3500  , 3501 and so on. My question is the following: is fortiweb used to protect servers that don't use HTTP or HTTPS? like how described in my environment? or it is exclusively used for http and https access? because the idea to place all my services that use tcp and udp ports behind a fortiweb? because when im checking config guides on fortiweb it shows the policy configuration is always showing a http and https profiles, while many of my servers don't use http and https and use other ports for other applications like GPS and so on

Best answer by abelio

Hello,
FortiWeb is a security device to protect and manage HTTP/HTTPS (and FTP) traffic.
You're mixing ports with protocols .

If you're sending traffic HTTPS/HTTP traffic using non-standard ports ( 8081 or 7001 for instance) you could send use custom service to match that HTTP traffic and Fortiweb can proxy and protect it.


But if your traffic under those 3501 TCP ports is not HTTP/HTTPS, Fortiweb has no business being there

 

2 replies

abelio
SuperUser
abelioAnswer
SuperUser
March 13, 2022

Hello,
FortiWeb is a security device to protect and manage HTTP/HTTPS (and FTP) traffic.
You're mixing ports with protocols .

If you're sending traffic HTTPS/HTTP traffic using non-standard ports ( 8081 or 7001 for instance) you could send use custom service to match that HTTP traffic and Fortiweb can proxy and protect it.


But if your traffic under those 3501 TCP ports is not HTTP/HTTPS, Fortiweb has no business being there

 

    B_net
    B_net
    Visitor III
    March 14, 2022

    so fortiweb is mainly used for web pages on browsers nothing else?

     

    xsilver_FTNT
    Staff
    xsilver_FTNT
    Staff
    March 14, 2022

    Q: "so fortiweb is mainly used for web pages on browsers nothing else?"

     

    A:

    FortiWeb is basically Web application proxy.
    It can do a lot of things from request/response sanity checks, flow redirects and manipulation, in-flow injects like enhancing web access with Two-Factor/Multi-Factor authentication, handling Single Sign-On (SSO) .. and more.
    But it does so for web based applications.

    So it has nothing to do with for example protection for custom, proprietary, -protocol based applications.

    ddsouza_FTNT
    Staff
    ddsouza_FTNT
    Staff
    March 14, 2022

    @bzh87  By using the following configuration, you can achieve basic load balancing of TCP port traffic between real servers.

    1. Create a custom TCP service port for TCP port 3500 and call it as an HTTP service in the server policy.

    ddsouza_FTNT_1-1647260330615.png

     

    2. Turn off HTTP parsing in the server policy in CLI by enabling 'noparse' setting (basically Fortiweb stops parsing the TCP data with noparse enabled)

     

    ddsouza_FTNT_0-1647260254768.png

     

    But please note that Persistence doesn't work and System doesn't generate traffic logs, so it adds a little value  (persistence + traffic logs for tshooting/future reference) compared to what typical Load Balancers do.

     

    UDP load balancing is not possible on Fortiweb as it can't listen for UDP port traffic. 

      bzh87
      bzh87Author
      Explorer
      March 14, 2022

      thanks so much 

      ddsouza_FTNT
      Staff
      ddsouza_FTNT
      Staff
      March 14, 2022

      You're welcome :)

      Terms & ConditionsAccessibility statement