Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Şahram
New Contributor

about Fortiweb SNAT - X-Forward

FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack accurs, Fortiweb block traffic based on the 192.0.2.1 source ip adderss, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to Access the servers. What must the administrator do to avoid this problem? (Choose two)

A. No special configuration is required connectivity will be re-established after the set timeout B. Enable the Add X-Forwarded-for setting on Fortiweb C. Place FortiWeb in front of FortiAdc D. Enable the use X-Forwarded-For setting on fortiweb

2 REPLIES 2
SJFriedl
New Contributor II

[strike]I'm not familiar with the ADC, but using both a Virtual IP (which does NAT) *and* an IPv4 policy that enables NAT, would do something like that.  Inbound policies should almost never use NAT when they're hitting a Virtual IP.[/strike]

 

Oh, this was exam prep - sorry.

Yurisk
Valued Contributor

The correct answer should be "Enable the Add X-Forwarded-for setting on ADC", which is your exam dump does not event include, you've got fake dump of a dump, ask for refund :)

If you have no idea about ADC/Fortiweb whatsoever - chances of passing the exam on dumps only is very low, be aware. At least study throughly NSE 6 (free) courses for ADC.   

https://docs.fortinet.com/document/fortiadc/5.3.0/cli-reference/342760/config-load-balance-profile

 

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.