Hi,
We have an e-commerce business hosted approximately 3000 web sites on a web server, from which at least 500 web sites (currently, and growing) have its own domain name available under https protocol. Searching for some solution to protect them, recently we’ve got opportunity to test Sophos XG Firewall 2300 series. Unfortunately it requires to upload individual certificates to the firewall WAF rule, e.g. create individual WAF rule for each site in order to work, which is too complex and on top of that, it has limitation of maximum 60 WAF rules to be active at the same time. So my question is, how Fortigate/Fortiweb firewalls handle this, are they also require to upload individual certificate for each site, or some general WAF rule can be created to protect them all from attacks like SQL inject, XSS and etc.?
If it does require uploading individual certificate for each domain name hosted securely under https protocol, how many certificates/policies can be uploaded to the firewall? In other words, what is the maximum number of web sites hosted securely, using their own certificate on a single server which can be protected by either Fortigate or Fortiweb?
Thanks!!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Fortigate does have some WAF capabilities, but if you are hosting that many sites, you will want to look at FortiWeb. There is a robust features set for attack inspections and controls.
You can do SSL offloading and inspecting:
Fortigate or Fortiweb, in both cases the main question is, can I have one server policy and include all certificates used in web server or it is required to have individual policy for each secured domain?
Great, I have managed to test it in Fortiweb, using SNI feature, works like a charm!. Now, interesting, how many domains I can create under single SNI group?
Hi
it depends on model and firmware version.
Check max values table included in any fortiweb admin guide.
regards
/ Abel
thanks a lot!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.