Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tindrli
New Contributor

Reverse Proxy

Hey guys,

 

i have to configure reverse proxy for internal email server. I found all the documents how to do it but i have one problem i can't figure out. It's probably something easy but i just can't find out where the problem is. 

For testing purposes i installed IIS server in Windows 7 machine and added that machine to DMZ network.

When I create policies for Internet>DMZ and Inranet>DMZ  and i try to access IIS server i get cert error in the browser and message from the browser "This page isn't working." xyz IP address didn't send any data.

While i was configuring policies i could not configure webcache part at all. This is the error message I'm getting. 

(35) # set webcache-https enable
"webcache-https" cannot be enabled when "deep-inspection" for https is not enabled in ssl-ssh-profile
node_check_object fail! for webcache-https enable

 

Besides this part, rest of the configuration is same as it's provided in documentation. I created self-signed cert in IIS and i used that for this configuration.

Thanks in advance for your help.

 

1 REPLY 1
Prab
New Contributor

Omerika wrote:

Hey guys,

 

i have to configure reverse proxy for internal email server. I found all the documents how to do it but i have one problem i can't figure out. It's probably something easy but i just can't find out where the problem is. 

For testing purposes i installed IIS server in Windows 7 machine and added that machine to DMZ network.

When I create policies for Internet>DMZ and Inranet>DMZ  and i try to access IIS server i get cert error in the browser and message from the browser "This page isn't working." xyz IP address didn't send any data.

While i was configuring policies i could not configure webcache part at all. This is the error message I'm getting. 

(35) # set webcache-https enable
"webcache-https" cannot be enabled when "deep-inspection" for https is not enabled in ssl-ssh-profile
node_check_object fail! for webcache-https enable

 

Besides this part, rest of the configuration is same as it's provided in documentation. I created self-signed cert in IIS and i used that for this configuration.

Thanks in advance for your help.

 

It seems that you need to configure a SSL-Deep inspection profile and assign it to the IPv4 policy.

Have you already configured that? If yes, it could be that the port mapping is missing for HTTPs.

Check the Protocol Port Mapping section of the SSL-Deep inspection profile.

Thanks.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors