Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lostboy10
New Contributor II

Limit Access to an internal website in Fortigate

I have an internal application to which i want to limit the sessions from a particular source IP.. i.e. an IP should not be able to stablish more than 10 sessions to that application..i understand i can create a threshold for this in IPv4 DOS Policy but the source IP is part of a header.. is it possible to limit sessions based on the source IP contained in the header ? 

6 REPLIES 6
AEK
SuperUser
SuperUser

I don't know such feature on FortiGate. But probably it exists on FortiWeb.

AEK
AEK
lostboy10
New Contributor II

i also have a fortiweb behing the fortigate.. is it possible to do so in fortiweb ?

 

AEK

After double-check yes you can do it with FortiWeb.

Here's a video from video.fortinet.com that explains how FWB can read the IP from the header (X-Forwarded-For) and block it if it is from specific GeoIP.

The trick is to enable "Use X-Header to identify original client's IP" in your X-Forwarded-For rule.

https://video.fortinet.com/latest/fortiweb-how-to-use-the-x-forwarded-for-header-to-identify-real-cl...

Hope it helps.

AEK
AEK
dingjerry_FTNT

Hi @lostboy10 ,

 

I don't think that FortiGate can do it. At least, I am not aware of it.

Regards,

Jerry
Dhruvin_patel

Hello,

 

To limit sessions to an internal website based on the source IP contained in the header in FortiGate, you can utilize the Traffic Shaper feature. Within the Traffic Shaper policy settings, set the maximum concurrent connections to 10 for the source IP you want to limit.

 

Reference Document: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Limit-connections-to-a-specific-destinatio...

 

Regards!

Dhruvin Patel
lostboy10

thx for the link.. the source ip in the traffic shaper policy will be of the source ip visible in the header or the one which shows in traffic logs ? 

Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors