Description | This article describes how to have FortiWeb identify private IP classes in the X-Forwarded-For header as the Original Source in its traffic log. |
Scope | FortiWeb, FortiWeb-VM |
Solution |
When an upstream device performs SNAT, FortiWeb sees only the NAT IP as the source IP of connections to the web applications behind it. As a result, FortiWeb traffic logs and security features do not show the real client source IP needed for proper identification.
In most use cases, users come from the Internet through a NAT device that adds the X-Forwarded-For header, allowing FortiWeb to identify the original source.
There are also environments where web applications are published on the Intranet and the original client's source IP uses private IP classes. By default, the FortiWeb X-Forwarded-For profile does not identify private IP classes as the Original Source in the traffic log.
A CLI command is available to disable this default configuration and let FortiWeb identify private IP classes in the X-Forwarded-For header as the Original Source.
CLI Command:
From GUI:
|
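The following Python sketch is an added illustration, not FortiWeb code or configuration. It models the behaviour described above: with the default, a private address in X-Forwarded-For is skipped and the log falls back to the SNAT address. Taking the leftmost valid entry and the `trusted_peers` list are assumptions of this model, and all addresses are constructed samples.

```python
import ipaddress

# RFC 1918 ranges, i.e. the "private IP classes" the article refers to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    return addr.version == 4 and any(addr in net for net in RFC1918)

def parse_xff(header):
    """Return the valid IP addresses in an X-Forwarded-For value, left to right."""
    addrs = []
    for token in header.split(","):
        try:
            addrs.append(ipaddress.ip_address(token.strip()))
        except ValueError:
            continue  # skip malformed entries such as "unknown" or empty tokens
    return addrs

def original_source(peer_ip, xff_header, trusted_peers, ignore_private=True):
    """Pick the address to log as Original Source.

    peer_ip        -- TCP source seen by the WAF (the SNAT address)
    trusted_peers  -- upstream devices whose header is believed (model assumption)
    ignore_private -- True models the default described in the article
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_peers):
        return str(peer)  # header from an unknown peer is client-controlled
    for addr in parse_xff(xff_header or ""):
        if ignore_private and is_private(addr):
            continue
        return str(addr)  # leftmost acceptable entry (model assumption)
    return str(peer)      # nothing usable: fall back to the SNAT address

if __name__ == "__main__":
    nat = ["192.168.1.254/32"]  # constructed upstream SNAT device
    # Internet client: public address is accepted under either setting.
    print(original_source("192.168.1.254", "203.0.113.7", nat))
    # Intranet client, default: private entry skipped, log shows the NAT IP.
    print(original_source("192.168.1.254", "10.20.30.40", nat))
    # Intranet client, default disabled: log shows the real client.
    print(original_source("192.168.1.254", "10.20.30.40", nat, ignore_private=False))
```

Accepting private addresses from the header is only meaningful when the header comes from an upstream device you control, since any client can send its own X-Forwarded-For value.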