Created on 02-23-2022 01:14 AM
I have a client to whom I indicated that the best way to have security is with the Reverse Proxy option; however, when reviewing the information on the True Transparent Proxy, it indicates that this is the best option.
I have some deployments in True Transparent Proxy and I can't block security events that occur in SSL.
Do you recommend the True Transparent Proxy?
Created on 02-28-2022 10:25 AM
An end customer, for its public information on the internet and to ensure communication to its servers due to the unavailability of the FWEB, requested that it be implemented in TTP; however, there is no possibility of loading the certificates or analyzing the encrypted payloads.
There is the inconvenience that when an SQLi attack appears in an encrypted way, the FWEB will not be able to do anything.
Thank you very much for the recommendation of the HA scenarios.
Created on 03-01-2022 11:26 AM
The quick answer: Reverse Proxy is the best security option for deploying FortiWeb WAF.
The choice between a transparent deployment vs. reverse proxy is usually determined based on latency sensitivity. In cases where any increases in latency are critical decision factors, you will want to choose a transparent mode (selecting performance over security), of which True Transparent Proxy offers better security as it does a better job buffering the traffic during the inspection phase.
When security is the primary concern, I strongly recommend reverse proxy (RP) as the default deployment method. RP guarantees full payload inspection and provides the maximum set of features available to meet all of our WAF requirements.