Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fakrulalam
New Contributor

FortiWeb Azure HA Client Public IP

Hi,

 

I have deployed FortiWeb in HA mode using the following template:

 

https://github.com/fortinetsolutions/Azure-Templates/tree/master/FortiWeb/FortiWeb-VariableHA-2-NIC

 

It's working all fine except in web server logs it's showing ForitWeb internal IP, not Client Public IP. I have tried enabling the option from Server Policy, but after enabling that I can't connect to the WebServer. Is the issue related to Azure Load Balancer which is doing the NAT? Wondering anyone deployed FortiWeb in Azure and can share something.

 

Thanks

2 REPLIES 2
Deepak_Girimaji_FTNT

Hi,

 

If you are enabling the client real IP option in the server policy, then you need to set FortiWeb as the default gateway on the backend server. Instead, you could configure FortiWeb to include X‑Forwarded-For in the HTTP header before traffic is generated to the backend server. for more information and configuration, please refer the following link:

https://help.fortinet.com/fweb/610/index.htm#FortiWeb/fortiweb-admin/define_proxies_clients.htm?High...

 

The backend server needs to be configured to read the content in X-forwarded-for header for logging.

 

I hope this helps.

 

Regards,

Deepak

Best regards,
Deepak G N R
Technical Lead Engineer
EMEA FortiWeb/ADC/WAN/DDoS/Isolator Team
Nikhil_Chaudhari
New Contributor

Hi,

Pls enable X-Forwarded For on server side and also enable on WAF end you will get Real IP in server logs.

 

Thanks.

Nikhil Chaudhari