I have a WAN connection with a single public IP. Behind the FortiGate appliance, I have an HAProxy server which farms out the HTTP requests to the relevant backends based on the HTTP `Host` header.
At the moment, I have two port forwards on the FortiGate appliance, which forward all HTTP/S requests to HAProxy. From there, I use ACLs within HAProxy to control which IPs are authorised to use each backend. I would like to remove those HAProxy ACLs and manage ALCs in FortiGate.
Like what I've done in HAProxy, each backend has a unique set of IPs that are authorised to send HTTP/S requests. There are a few instances where some of the backends are open to the public and other instances where the backends are restricted to specific IPs. All of these backends share the same public port (i.e. 80/443) so the FortiGate ACL needs to be defined using the `Host` header.
How would I go about doing this?