Deployment of FortWEB 600 in client Network Infrastructure

atifali681 · ‎12-11-2025

Hi , Fortinet Community,

I want to install Fortiweb 600F in my Client Infra.

I want to install it in Reverse Proxy Mode. Client Network design is this
1. Server->Distribution->Core Switches->FortiWeb->Fortigate FW-> ISP Internet + MPLS Links

Client has multiple branch offices in country hospital which run erp/web applications from remote locations which will be sitting behind Fortiweb.

Please suggest me either reverse proxy mode is perfect for it?
And Suggest what will be network topology and subnets/VIPS.
Lets Suppose my server form is using 20.20.20.0/24 subnet and Fortigate firewall working as edge firewall running 10.10.10.0/24 subnet.

needs experts and seniors help. Kindly suggest better approach.
Can be vips subnet different, how it will route , how other traffic will route, currently gateways of servers configured upon fortigate firewall

Atif

AEK · ‎12-11-2025

Hi Atif

Here are some comments:

Reverse proxy more is the best choice in 99% of cases
In reverse proxy mode it is not required that FWB is on the same subnet as the server
In your design I think there should be another link between FGT and Core switch, in order to forward only HTTP(S) to FortiWeb, and all other traffic will be sent to servers directly through Core-SW-1
Default GW of the FWB should be the FGT IP, while you will need add static routes to FWB in case the servers are in different subnets as FWB

AEK

Deployment of FortWEB 600 in client Network Infrastructure

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website