Yes I knew that they had that product however, from what I understand the Fortigate itself is supposed to do reverse proxying as well. I was just trying to find someone that may have used it for that purpose before and how they did it.  I really dont like having to open all the holes in the firewall so the outside IP is speaking directly to the machine inside or in the DMZ.

jrpayne wrote:

Yes I knew that they had that product however, from what I understand the Fortigate itself is supposed to do reverse proxying as well. I was just trying to find someone that may have used it for that purpose before and how they did it.  I really dont like having to open all the holes in the firewall so the outside IP is speaking directly to the machine inside or in the DMZ.

Oh, ok! So, did you find a way to RP with the Fortigate? I could really use the info.

 

Thanks!

Hi We do "RP" with Fortigate within the loadbalance function.

config firewall vip edit "vs_https_owa"         set type server-load-balance         set extip xxx.xxx.xxx.xxx         set extintf "wan1"         set server-type ssl         set monitor "https"         set persistence ssl-session-id         set extport 443             config realservers                 edit 1                     set ip xxx.xxx.xxx.xxx                     set port 443                 next             end         set ssl-mode full         set ssl-certificate "your ssl certificate"         set ssl-dh-bits 2048         set ssl-min-version tls-1.0         set ssl-client-renegotiation secure     next

Hi Marcus,

 

Forgive me if this is a stupid question, I'm curious how you got this working and whether it would work in my scenario. We have a fortigate 100D

 

I am wanting to setup https access to multiple webservers and also an ADFS Server that are sitting on my internal network. 

site1.domain.com

Site2.domain.com

Site3.domain.com

ADFS.domain.com

 

I have a wildcard public certificate for domain.com. Is there anyway for the fortigate to know where to send the traffic? 

 

Cheers

Nathan

Hi Nazz Sorry for the delay, was absent for a while. Yes, this should work in your scenario. In my opinion, the easy way, is to create a lodbalance vip for every site. This should work with your wildcard cert as well and you can decide which domain points to the corresponding webserver.

 

As I know, there is no way to redirect different URLs (with same IP) to different Servers. Hope it helps. Best,

Markus

You need a real reverse  proxy if you want  host_header switching if you have one  public_address. A  Fortigate-RP is good for generic  hosting but not the ideal candidate.