FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
darisandy
Staff
Staff
Article Id 370213
Description This article describes how to configure a Web Filter profile for incoming connection to a Virtual IP object
Scope FortiGate.
Solution

Most of the time, a Web Filter profile is used to restrict outgoing connection from internal users to the Internet but there may be scenarios where users need to restrict incoming connection to the company's published web server.

 

Example scenario:

Client -- Internet -- Edge FortiGate - Web Server

 

Edge FortiGate will have Virtual IP configured to translate incoming connection to an internal web server. The internal web server will use a different FortiGate Web GUI for the simulation.

 

The end user will restrict incoming connections using only using Fully Qualified Domain Name (FQDN), and it will block any other access, for example using the resolved public IP address.

 

Virtual IP Configuration:

 

VIP05.png

 

Web Filter Profile setting:

 

VIP04.png

 

Firewall Policy configuration:

 

VIP06.png

 

Once these are all configured, the result will be like below.

 

When using FQDN:

 

VIP01.png

 

 

When using a public IP Address:

 

VIP02.png

 

Contributors