Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nolan
New Contributor

Redirect HTTP traffic to HTTPS?

I' m hosting on a web server behind a FortiWiFi 60C. Internally, users access the port 80 site, and externally, I have a policy allowing 443 traffic. How can I get traffic incoming (externally) on port 80 to redirect to 443? I' ve searched on this a lot and have come up with nothing. I must be using the wrong search terms - I' m not a network guy. Any help is greatly appreciated. Thank you.
6 REPLIES 6
Rick_H
New Contributor III

Typically this type of redirect is done on the webserver itself. The process is different for each web server and, of course, you' d have to allow inbound connections to reach your webserver on port 80 as well. You could probably use port address translation on your Virtual IP to map 80 to 443, but I' m not sure how your browser would behave when it started receiving encrypted traffic while expecting straight HTTP.
Nolan
New Contributor

Thanks for the quick reply! I did try port address transaction on my virtual IP, but it didn' t work as expected - like you pointed out. I previously had an ISA server for a firewall and it handled the redirection nicely in the web publishing rules, so I thought I' d just check to see if the firewall could continue to handle it. I will then investigate configuring the web server to handle the redirection. Thanks again for the help!
Rick_H
New Contributor III

There are a lot of folks who still use ISA in conjunction with a more traditional firewall. ISA can act as a web application firewall (WAF) and operate at higher OSI levels than a traditional firewall typically does (and therefore do the redirect for you). This is especially true for Microsoft products. If you still have a current ISA license and are dead set against allowing multiple ports to your web server from the outside then ISA may be a solution for you. It would be a bit more complicated, but would offer some flexibility in exchange. Otherwise, the webserver-based redirect will be the way to go. EDIT: I accidentally a word.
Dave_Hall
Honored Contributor

How can I get traffic incoming (externally) on port 80 to redirect to 443? I' ve searched on this a lot and have come up with nothing.
Keep in mind that the HTTP management port (if enabled) for the Fortigate is on port 80. If you are planning to set up a VIP/port forward, you may need to change the http management port (under System->Admin->Settings) to something else other than port 80.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
DW_FTNT

HTTP to HTTPS redirect was added to 6.2.1 Code   you can terminate 443 on the fortigate or just pass 443 all the way to the server. This link shows how to terminate/offload 443 on the fortigate https://docs.fortinet.com...ect-for-load-balancing here is a link to offloading https://help.fortinet.com...db-ssl-tls-offload.htm     if you want to just pass 443 to the server and not terminate the session on the fortigate edit the vip "virtual-server-https" --->  set server-type tcp

 

you can also redirect other ports like 8080  using http edit "virtual-server-http"     set extport 80 to    set extport 8080     be sure to use proxy mode

Markus
Valued Contributor

I know, very old post, but good news...

Starting with FortiOS 6.2.1, you can configure a virtual server with HTTP to HTTPS redirect enabled

https://docs.fortinet.com...ect-for-load-balancing

 

[Edit]

sorry, allready posted :)


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
Labels
Top Kudoed Authors