We are deploying FortiWeb between our FortiGate and web server, in one-arm reverse proxy mode. Our web server needs to capture the original IP of web visitors, but the web server can only see the IP of the FortiWeb. I have already enabled the X-Forwarded-For options on the FortiWeb.
From the packet capture on the FortiWeb, we can see the X-Forwarded-For IP in the extracted packet logs. However, the original IP is also not appearing as the source in the "Attack Logs", though I am not sure whether this has any effect.
And from the backend programming of the web server, we have tried all the methods to capture headers like REMOTE_ADDR, HTTP_X_FORWARDED_FOR, HTTP_X_REAL_IP, etc. Still, it is showing the IP of the FortiWeb only.
22.214.171.124 (sample public IP of web visitor) -> [10.10.10.5 (Fortigate WAN) -> 10.0.2.5 (Fortigate LAN) ] -> 10.0.2.6 (Fortiweb) -> 10.0.2.7 (webserver)
With the above, our web server is working, but it should be able to log 126.96.36.199 as the original IP of the visitor. Instead, it can only see the FortiWeb IP, 10.0.2.6, as the value of x-forwarded-for or remote-addr.
Hopefully someone has some insight into this. Our web server really does need to log the original IP of the visitor.
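
Added example, not part of the original post: one way a backend behind this proxy chain can resolve the visitor address from the CGI/WSGI-style variables named above, accepting X-Forwarded-For only when the TCP peer is a known proxy. The function names and the `TRUSTED_PROXIES` list are hypothetical; the list assumes the FortiWeb (10.0.2.6) and FortiGate LAN (10.0.2.5) addresses from the topology line, and the visitor addresses in the demo are constructed.

```python
import ipaddress

# Assumption: hop addresses taken from the topology in the post. Only these
# hops are allowed to vouch for an X-Forwarded-For value.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.2.6/32", "10.0.2.5/32")]


def _parse(value):
    """Return an ip_address, or None for garbage such as 'unknown' or ''."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _trusted(addr):
    return addr is not None and any(addr in net for net in TRUSTED_PROXIES)


def client_ip(environ):
    """Resolve the visitor address from a CGI/WSGI-style environ dict."""
    peer = _parse(environ.get("REMOTE_ADDR", ""))
    # The header is client-controlled unless the TCP peer is one of our proxies.
    if not _trusted(peer):
        return str(peer) if peer else None
    hops = environ.get("HTTP_X_FORWARDED_FOR", "").split(",")
    # Walk right to left: the right-most entries were appended by our own
    # proxies; anything further left may have been supplied by the visitor.
    for hop in reversed(hops):
        addr = _parse(hop)
        if addr is None:
            break  # malformed or empty entry: stop trusting the chain
        if not _trusted(addr):
            return str(addr)
    return str(peer)  # header absent, or it lists only our proxies


if __name__ == "__main__":
    # Constructed requests; 203.0.113.10 stands in for a public visitor.
    samples = [
        {"REMOTE_ADDR": "10.0.2.6", "HTTP_X_FORWARDED_FOR": "203.0.113.10"},
        {"REMOTE_ADDR": "10.0.2.6", "HTTP_X_FORWARDED_FOR": "198.51.100.7, 203.0.113.10"},
        {"REMOTE_ADDR": "10.0.2.6"},
    ]
    for env in samples:
        print(env, "->", client_ip(env))
```

If the last sample's result (the proxy address itself) is what the application logs, the header is not reaching the backend at all, which separates a proxy-side problem from an application-side parsing problem.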