Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MercyBrew
New Contributor II

HTTP to HTTPS Redirect Using Virtual IP

Hi

 

Please I need help redirecting http requests to https from a Virtual IP to another Virtual IP.

 

My configuration is as follows:

 

I have a Fortigate 80E that is configured with primary and secondary IP addresses on its WAN1 interface. Administrative access to the device over WAN1 is supported only on the primary IP on ports 80 and 8443. Port 80 by default redirects to port 8443.

 

I have a Virtual IP configure to accept connections to the device on port 443 of the secondary external IP and forward it to port 443 on an internal server. This is working well. But because we have users who often make the mistake of typing http instead of https when connecting, who then make complaints, I have been required to redirect http connections to https to compensate for this.


Since there is not option for enabling http redirect on a Virtual IP accepting requests on port 80 using the GUI, using the CLI I configured a VIP with the secondary IP as extIP and enabled http-redirect on it. The redirect works except that instead of redirecting to port 443, it redirects to the administrative port 8443.

Can anyone advice on what I can do if any to get the redirect to work as intended?

#fortigate 

4 REPLIES 4
akristof
Staff
Staff
MercyBrew
New Contributor II

Thank you aKristof.


I tried it before and it did not work well. The redirection worked but the server returned an empty response.

I however just changed the ssl-mode of the https VIP to full and it is now working.

 

Thanks

jammac
New Contributor III

That works well unless you want to use a captive portal to authenticate the connection to the virtual server. In this case it will present the portal using HTTP and not HTTPS which is not good.

MercyBrew
New Contributor II

Thank you.

I tried it before and it did not work well. The redirection worked but the server returned an empty response.

I however just changed the ssl-mode of the https VIP to full and it is now working.

 

Thanks

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors