Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akumarr
Staff
Staff

Created on ‎11-21-2019 06:40 AM

Article Id 197411

Technical Tip: Preserve client IP in Virtual servers

Description
This article explains what preserve client IP means and how it works.

Scope
FortiOs v6.2.2

Solution
On the below screenshot, there is a virtual sever and two back end real server’s



When a client try to access the Virtual server i.e 10.5.21.53, the traffic will be forwarded either to 172.31.133.94 or 172.31.133.89 (Round robin algorithm method) .

Enable preserve client IP from the web-based manager or enable the http-ip-header option from the CLI to preserve the IP address of the client in the X-Forwarded-For HTTP header.
This can be useful in an HTTP multiplexing configuration if log messages are required on the real servers to the client’s original IP address.
Via CLI:
#config firewall vip
    edit "Virtual server"
        set id 0
        set uuid b17c7658-0b8e-51ea-37a3-db3c7f04ecab
        set comment ''
        set type server-load-balance
        set extip 10.5.21.53
        set extintf "port1"
        set arp-reply enable
        set server-type http
        set nat-source-vip disable
        set gratuitous-arp-interval 0
        set http-ip-header enable   
Below is the sniffer output when “Preserve Client IP is enabled”   


Below is the sniffer output when “Preserve Client IP is disabled” 


Labels:
13552
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.