Description | This article describes how to configure a Web Filter profile for incoming connection to a Virtual IP object |
Scope | FortiGate. |
Solution |
Most of the time, a Web Filter profile is used to restrict outgoing connection from internal users to the Internet but there may be scenarios where users need to restrict incoming connection to the company's published web server.
Example scenario: Client -- Internet -- Edge FortiGate - Web Server
Edge FortiGate will have Virtual IP configured to translate incoming connection to an internal web server. The internal web server will use a different FortiGate Web GUI for the simulation.
The end user will restrict incoming connections using only using Fully Qualified Domain Name (FQDN), and it will block any other access, for example using the resolved public IP address.
Virtual IP Configuration:
Web Filter Profile setting:
Firewall Policy configuration:
Once these are all configured, the result will be like below.
When using FQDN:
When using a public IP Address:
|