Hello Team,
I am in the process of choosing FortiGate-VM (on AWS) for one of my customers for their requirement of having a firewall in front of their publicly hosted site(s). This firewall (single public IP exposed) will run in the public subnet and will front-end/proxy-front the web servers running in a different subnet. Since there are a couple of web services they want to expose, both running on the default HTTP port, is there any possibility to forward requests to different hosts according to the domain requested? For example:
www.example.com (pointing to 100.99.100.99) -> FortiGateVM -> Machine1 hosting this website on port 80.
www.actual.com (pointing to 100.99.100.99) -> FortiGateVM -> Machine2 hosting this website on port 80.
Any possibility of DNS virtual hosting (just like it is done on Apache) or Header Host based?
Regards,
Amit
FortiGate FortiOS has the ability of header switch per-VIP; it's simple, but if you have an HTTPS requirement this is probably not going to work. You will probably want an HTTPS rev-proxy with full SNI.
Ken
PCNSE
NSE
StrongSwan
My advice is that you go for FortiWeb or a reverse proxy device that can offer you more granular control depending on what you need to achieve.
FortiOS 5.4 has new WAF features that might help you; check this guide and look for "host header":
http://docs.fortinet.com/uploaded/files/2770/fortigate-load-balancing-54.pdf
cheers
Luiz Alberto Camilo NCT São Paulo www.nct.com.br NSE-5 Expert
Hi,
We are new to fortinetVM/Web/FortiOS. We are looking to implement the following features via the Fortigate service for AWS infrastructure:
1. Fortinet instance working as NAT gateway for other instances in our AWS infra
2. Domain/url based firewall filtering to block specific sites/url.
3. www.example.com (pointing to 100.99.100.99) -> FortinetVM -> Machine1 hosting this website on port 80. www.actual.com (pointing to 100.99.100.100) -> FortinetVM -> Machine2 hosting this website on port 80. The fortinet instance could be required to have two public IPs. If the same could be achieved by a single public IP, that would also be acceptable.
Can you suggest which of the services on AWS provided by Fortinet would be suitable for achieving the above objectives?
https://aws.amazon.com/marketplace/seller-profile?id=243a3a4c-e35a-49b0-9061-3f354bb2254e
Some links/guides would be really helpful.
Thanks for the help.