Where to place the FortiWeb Appliance

Forum|Forum|9 years ago
August 22, 2016
1 reply
7567 views

Hi,

Im about to install a FortiWeb, to handle OWA, Reverse proxy etc.

Where should I place the appliance...?

[ul]

Directly on Internet with an external IP?

Behind Fortigate firewall with NAT?[/ul]

If I place it behind the Fortigate, is it possible to use the Servers Certificate on the FortiWeb or do I need to do the HTTPS decyption on the Fortigate?

If I place it behind the fortigate, the FortiWeb will have an internal (NAT:ed) address.

Whats the best practice here?

Best answer by jintrah_FTNT

Hi Nil,

The certificate is not bound to any IP, as far as the requests/traffic reach FortiWeb to its destined virtual server IP(public/private) and Port, the certificate thing would work fine.

jintrah_FTNT

Staff

Hi..

Ideally WAF should be placed behind Firewall DMZ. You can install/import server certificates on FortiWeb for https encryption/decryption. There are some info available on the topology setup done in reverse proxy mode, please go through http://help.fortinet.com/fweb/554/index.htm#FortiWeb/fortiweb-admin/planning_topology.htm%3FTocPath%3DHow%2520to%2520set%2520up%2520your%2520FortiWeb%7C_____3

NilsAuthor

New Member

Ok,

I saw these topology setups.

There is one thing I'm not sure about, and its about the server certificates.

I the FortiWeb is behind NAT, where should I place the certificates?

Aren't these meant to be where the External IP is located?

jintrah_FTNTAnswer

Staff

Hi Nil,

The certificate is not bound to any IP, as far as the requests/traffic reach FortiWeb to its destined virtual server IP(public/private) and Port, the certificate thing would work fine.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded