Adrian_Lewis
Contributor

Basic content rewrite rules

Mainly for use with multiple ISP scenarios, I'd like to see the ability for a Fortigate to rewrite content on the fly. My priorities would be simple, such as DNS rewrites and SMTP HELO greeting rewrites.

Simple inbound failover of services hosted behind a Fortigate with two ISP connections could be done by setting 2 NS records for a domain, one answered via each ISP. If an interface is determined to have lost connectivity (ping server or other dynamic routing changes), the Fortigate could rewrite a reply to a record to reflect this, perhaps redirecting to the same service but via the second ISP. There is already a simple DNS rewrite function, but this is geared towards changing only the subnet part of the IP address in a reply, not individual IP addresses.

Customers with mail servers sending out SMTP via two ISPs. Ideally, the SMTP greeting used should match that of the IP address (forwards and backwards resolution) to avoid certain anti-spam measures and to comply with the RFCs. Unfortunately, the mail server is not aware of what ISP is being used for a connection and thus cannot tailor the SMTP HELO greeting to suit. Again, it wouldn't be rocket science for the Fortigate to rewrite this based on the path taken.

There are also bound to be users that wish to do some functions on web servers and URLs hosted behind Fortigates too. The cost of putting in a L7 load balancer might be a bit much, especially when it would appear that the Fortigate has the core functionality to do some of this itself. Any thoughts?
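The HELO mismatch described in the post, as an added example that is not part of the original post and not Fortinet code: it runs the forward and reverse match the post refers to for one fixed HELO name against two egress addresses. The DNS tables, host names and addresses are constructed sample data (documentation ranges), and the function names are hypothetical.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check of an SMTP HELO name per egress IP."""

# Constructed sample zone data: RFC 5737 documentation IPs, example.com names.
PTR = {  # reverse DNS: egress IP -> host name
    "192.0.2.10": "mail-isp1.example.com.",
    "198.51.100.10": "mail-isp2.example.com.",
}
A = {  # forward DNS: host name -> set of addresses
    "mail-isp1.example.com": {"192.0.2.10"},
    "mail-isp2.example.com": {"198.51.100.10"},
}


def _norm(name):
    """DNS names compare case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()


def fcrdns_ok(helo, source_ip):
    """True when the PTR of source_ip equals the HELO name and that name
    resolves forward to source_ip again."""
    ptr = PTR.get(source_ip)
    if ptr is None:
        return False  # no reverse record at all: cannot match
    helo = _norm(helo)
    return _norm(ptr) == helo and source_ip in A.get(helo, set())


def audit(helo, egress_ips):
    """Check one fixed HELO name against every path the mail may leave by."""
    return {ip: fcrdns_ok(helo, ip) for ip in egress_ips}


def helo_for_path(source_ip):
    """The name a path-aware greeting would have to use: the PTR name of the
    egress IP, but only if it forward-confirms. None when no name qualifies."""
    ptr = PTR.get(source_ip)
    if ptr is not None and fcrdns_ok(ptr, source_ip):
        return _norm(ptr)
    return None


if __name__ == "__main__":
    # A mail server that always greets with the ISP 1 name.
    for ip, ok in audit("mail-isp1.example.com", list(PTR)).items():
        print(f"{ip}: fixed HELO {'matches' if ok else 'MISMATCH'}; "
              f"path-aware name would be {helo_for_path(ip)}")
```

Pointing `PTR` and `A` at real lookups for your own addresses turns this into a quick audit of which egress path would fail the match.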