Description | This article describes how to reflect an X-Forwarded-For (XFF) IP as the original source IP in traffic logs. |
Scope | FortiWeb. |
Solution |
If a NAT device sits in front of FortiWeb and XFF information is available, it is possible to see the X-Forwarded-For IP as the original source IP in traffic logs.
In this network, a firewall in front of FortiWeb performs SNAT. As a result, FortiWeb traffic logs show only the SNAT IP as the original source IP for all client requests.
To disable the NAT on the firewall and see the original client IP address in traffic logs as the Original source IP, configure XFF settings on the firewall. In this example, the firewall is performing SNAT before FortiWeb.
To view the client IP address as Original Source IP address in FortiWeb traffic logs, disable the following settings:
config waf x-forwarded-for
    edit <x-forwarded-for_rule_name>
        set skip-private-original-ip disable
    next
end
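The following Python model is an added example, not FortiWeb code, showing why a client with a private address is logged as the SNAT IP until the setting is disabled. It assumes the leftmost valid X-Forwarded-For entry is used, that "private" means RFC 1918 / fc00::/7, and that the TCP peer address is the fallback; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption: "private" covers the RFC 1918 ranges plus IPv6 unique-local.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_private(ip):
    """True if ip falls in one of the assumed private ranges."""
    return any(ip in net for net in PRIVATE_NETS)

def parse_xff(header):
    """Split an X-Forwarded-For value into valid IP addresses, left to right."""
    ips = []
    for token in header.split(","):
        token = token.strip().strip('"')
        if token.startswith("["):          # "[2001:db8::1]:443" form
            token = token[1:].split("]", 1)[0]
        elif token.count(":") == 1:        # "10.1.1.25:51000" form
            token = token.split(":", 1)[0]
        try:
            ips.append(ipaddress.ip_address(token))
        except ValueError:
            continue                       # skip "unknown", empty or garbage entries
    return ips

def original_source_ip(peer_ip, xff_header, skip_private):
    """Return the address this model would log as the original source.

    peer_ip is the TCP source FortiWeb sees (the firewall's SNAT address).
    With skip_private set, private XFF entries are not eligible, so an
    internal client falls back to the SNAT address.
    """
    for ip in parse_xff(xff_header or ""):
        if skip_private and is_private(ip):
            continue
        return str(ip)
    return peer_ip

if __name__ == "__main__":
    snat = "192.168.1.1"                   # constructed SNAT address
    for skip in (True, False):
        print(skip, original_source_ip(snat, "10.1.1.25", skip))
```

Because X-Forwarded-For is a request header, the logged value is only reliable when the upstream firewall sets or overwrites it.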
Reference document: |
Copyright 2024 Fortinet, Inc. All Rights Reserved.