I have a Fortigate+Fortiweb (waf)
I have a web service published on a public IP in the Fortigate. Through a NAT I redirect the traffic to a virtual IP in the WAF. When the traffic arrives to the WAF, I need that depending on the source IP of my clients I can apply one policy or another.
I want to do this because I have a couple of clients that have insecure Ciphers, so I want to apply a special policy to them. That is to say, they are going to use the same services all the clients, but to some of them I have to allow them to negotiate with more insecure ciphers.
How can I do this?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
@lgm : Unfortunately, you can not set the SSL-Cipher based on the client Source IP.
The workaround to achieve this can be
1. Create two Virtual IP on Fortiweb and bind different SSL Ciphers against the Virtual Servers.
2. From Fortigate perform the NAT based on the source IP to redirect the traffic two different Virtual server on Fortiweb.
Hi!
Yesterday we tried to do that, but the Fortigate does not allow us to create a new NAT pointing to the 2 virtual IPs, since the NAT is on the same public IP and with the same port 443.
How can we do this? I tell you that for now we have not found the way to do it.
Thanks!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.