Hi all,
I have read some post to try to configure my fortigate 600E like a reverse proxy. The posts are closed, and that is the reason why I opening this.. I would like to emulate a reverse proxy to connect to internal servers (not DMZ servers) using my external firewall. I would like to know if the final connection to the real servers, is established by Fortigate or from the internet client. I'm not sure about this. I've posted that:
https://community.fortinet.com/t5/Support-Forum/Fortigate-SSL-Offloading-with-SNI/m-p/348745#M253392
Do you know if the TCP connection is stablished from Fortigate? I'm not sure if in both cases it works like a real reverse proxy. I don't want direct TCP connections to the real servers from internet clients
Thanks ¡¡¡
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi FortiMaster
As you may know we usually use DNAT/VIP to publish servers. But if ypu want it like reverse proxy I guess you need to configuer proxy rule instead of firewall rule. Well I'm not sure and didn't test it but I think you should dig in that side.
Created on 10-14-2024 03:45 AM Edited on 10-14-2024 04:56 AM
Thanks AEK. Normally I use VIPs to publish web servers from my DMZ. But in this case, I want to publish web servers from my internal network and I don't want direct internet connectios.
On the other hand I want to publish some servers using same IP and port. For that, the best way that I Know is using a virtual server with host load balancing.
I could configure explicit proxy in internal firewall to proxy tráffic received from external firewalI maybe ? I have read that fortigate doesnt recommends to enable explicit proxy on Internet connected interfaces.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1557 | |
1033 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.