Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vegetafx
New Contributor

FortiWeb Protection in internal LAN

Hello! 

 

I have a question regarding a maybe out of the ordinary topology. Basically, I have a LAN of multiple clients (let's say 2 for ease of use), both clients need to access a webserver that is located in the same network as the clients. Something like this:

Network: 192.168.0.0/24

Client_1: 192.168.0.10

Client_2: 192.168.0.20

Web Server: 192.168.0.30

 

Now, is there any way that I can deploy a FortiWeb inside the LAN, so that the webserver is protected from potential attacks by Client 1 and Client 2? If so, how? I understand the basic topology where outside traffic from another network should pass through the FortiWeb and onwards to the network where the webserver is located...however how can I force clients to pass through the FortiWeb towards the webserver when they are on the same network? (for example, client_1 who tries to type [link]https://192.168.0.30/[/link] should first pass through FortiWeb and then reach the server).

Also, can you actually use it to block attacks? Or can it only alert and log them?

 

Thank you very much for your answers and I apologize if the question seems abit stupid.

 

1 REPLY 1
abelio
SuperUser
SuperUser

Hello

Consider True Transparent proxy, see attached schema copied/pasted from fortiweb admin manual

 In this operation mode you'll need to sacrifice ssl offloading and a few features but you could be able to meet the requirement.

 

 

 

regards




/ Abel

regards / Abel
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors