FortiWeb
guptas
Staff
Article Id 302095
Description This article describes how to reflect an X-Forwarded-For (XFF) IP as the original source IP in traffic logs.
Scope FortiWeb.
Solution

If a NAT device sits in front of FortiWeb and XFF information is available, the original source IP can be shown in traffic logs as the X-Forwarded-For IP.

In this network, a firewall in front of FortiWeb performs SNAT. As a result, FortiWeb traffic logs show only the SNAT address as the original source IP for all client requests.

To disable the NAT on the firewall and see the original client IP address in traffic logs as the original source IP, configure XFF settings on the firewall. In this example, the firewall performs SNAT in front of FortiWeb.

To view the client IP address as the Original Source IP address in FortiWeb traffic logs, disable the following setting:

config waf x-forwarded-for
    edit "<x-forwarded-for_name>"
        set skip-private-original-ip disable
    next
end
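The effect of this setting on the logged address can be modelled as follows. This is an added illustration, not Fortinet code: the selection logic (skip private entries in X-Forwarded-For, otherwise fall back to the connection source), the list of private ranges, and all sample addresses are assumptions constructed for the example.

```python
import ipaddress

# Ranges treated as "private" in this model (RFC 1918 plus IPv6 unique-local).
# Which ranges the device itself treats as private is an assumption.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def is_private(addr):
    return any(addr.version == net.version and addr in net
               for net in PRIVATE_NETS)


def original_source_ip(peer_ip, xff_header, skip_private):
    """Return the address a traffic log would show as the original source.

    peer_ip      -- source of the connection as received (the SNAT address)
    xff_header   -- raw X-Forwarded-For value, or None when absent
    skip_private -- models skip-private-original-ip enabled/disabled
    """
    if not xff_header:
        return peer_ip
    for token in xff_header.split(","):
        try:
            addr = ipaddress.ip_address(token.strip())
        except ValueError:
            continue  # malformed entry: never log it as an address
        if skip_private and is_private(addr):
            continue  # private entry ignored while the option is enabled
        return str(addr)
    return peer_ip  # nothing usable in XFF: fall back to the SNAT address


# Constructed sample requests: (SNAT address, X-Forwarded-For value).
SAMPLES = [
    ("10.10.10.1", "192.168.50.23"),   # internal client behind the firewall
    ("10.10.10.1", "198.51.100.7"),    # public client
    ("10.10.10.1", None),              # firewall did not insert XFF
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        for skip in (True, False):
            print(f"xff={xff!r:18} skip_private={skip!s:5} -> "
                  f"{original_source_ip(peer, xff, skip)}")
```

Only the internal client changes between the two modes: with the option enabled the log shows the SNAT address, with it disabled the log shows the client's private address.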

 

Reference document:

waf-x-forwarded-for - FortiWeb CLI reference.
