New Contributor

Fortiweb: Apply different policy depending on Source IP.

I have a Fortigate+Fortiweb (waf)

I have a web service published on a public IP in the Fortigate. Through a NAT I redirect the traffic to a virtual IP in the WAF. When the traffic arrives at the WAF, I need to apply one policy or another depending on the source IP of my clients.

I want to do this because I have a couple of clients that have insecure ciphers, so I want to apply a special policy to them. That is to say, all the clients are going to use the same services, but I have to allow some of them to negotiate with more insecure ciphers.


How can I do this?

Contributor II

@lgm: Unfortunately, you cannot set the SSL cipher based on the client source IP.

The workaround to achieve this can be:

1. Create two Virtual IPs on Fortiweb and bind different SSL ciphers to the Virtual Servers.

2. From Fortigate, perform the NAT based on the source IP to redirect the traffic to two different Virtual Servers on Fortiweb.





Rosa Technocrat -- Also on YouTube---Please do Subscribe
New Contributor



Yesterday we tried to do that, but the Fortigate does not allow us to create a new NAT pointing to the 2 virtual IPs, since the NAT is on the same public IP and with the same port 443.

How can we do this? I tell you that for now we have not found the way to do it.



