FortiGate
ssriswadpong
Staff
Article Id 328997
Description

This article describes a case where a WAF profile has no effect on a virtual server: traffic is allowed through without being checked against the WAF signatures.

Scope

FortiGate.
Solution

The virtual server type must be HTTP or HTTPS. A WAF profile does not work with virtual server types IP, TCP, and SSL.

If the virtual server type is not HTTP or HTTPS, the WAD debug will show nothing related to the traffic when traffic hits the FortiGate.

 

config firewall vip
    edit <virtual server name>
        set type server-load-balance
        set extip <external IP>
        set extintf <interface>
        set server-type <http | https>    <----- Must be HTTP or HTTPS.
        set extport <port>
        config realservers
            edit 1
                set ip <real server IP>
                set port <port>
            next
        end
    next
end
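
The same requirement can be checked offline against a configuration backup. The following Python script is an added example, not Fortinet code: it lists firewall policies that carry a WAF profile but point at a server-load-balance virtual server whose server-type is not http or https. It assumes policies reference the virtual server through `dstaddr` and the WAF profile through `waf-profile`; the function names and the sample configuration are constructed for illustration.

```python
import shlex
WAF_CAPABLE = {"http", "https"}  # per the article: ip, tcp and ssl are never WAF-checked

def parse_tables(text, wanted):
    """Collect 'set' values per 'edit' entry for the top-level tables named in wanted."""
    tables, stack, entry = {}, [], None
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and stack[0] in wanted:  # ignore nested tables (realservers)
            if tok[0] == "edit":
                entry = tables.setdefault(stack[0], {}).setdefault(tok[1], {})
            elif tok[0] == "set" and entry is not None:
                entry[tok[1]] = tok[2:]
    return tables

def waf_not_applied(text):
    # (policy id, virtual server, server-type) triples; assumes 'dstaddr'/'waf-profile' keys.
    t = parse_tables(text, {"firewall vip", "firewall policy"})
    bad = {}
    for name, vip in t.get("firewall vip", {}).items():
        stype = vip.get("server-type", ["unset"])[0]
        if vip.get("type") == ["server-load-balance"] and stype not in WAF_CAPABLE:
            bad[name] = stype
    return [(pid, n, bad[n]) for pid, pol in t.get("firewall policy", {}).items()
            if "waf-profile" in pol for n in pol.get("dstaddr", []) if n in bad]

SAMPLE = """config firewall vip
    edit "vs-web"
        set type server-load-balance
        set server-type https
        config realservers
            edit 1
            next
        end
    next
    edit "vs-api"
        set type server-load-balance
        set server-type tcp
    next
end
config firewall policy
    edit 1
        set dstaddr "vs-web" "vs-api"
        set waf-profile "default"
    next
end"""  # constructed sample; names are made up
```

Calling `waf_not_applied(SAMPLE)` reports policy 1 against `vs-api`, the virtual server of type tcp, and does not report `vs-web`.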