Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Lev
New Contributor

We need to protect a web server hosting 3000+ web sites, securely. Need your advice.

Hi,

 

We have an e-commerce business hosted approximately 3000 web sites on a web server, from which at least 500 web sites (currently, and growing) have its own domain name available under https protocol. Searching for some solution to protect them, recently we’ve got opportunity to test Sophos XG Firewall 2300 series. Unfortunately it requires to upload individual certificates to the firewall WAF rule, e.g. create individual WAF rule for each site in order to work, which is too complex and on top of that, it has limitation of maximum 60 WAF rules to be active at the same time. So my question is, how Fortigate/Fortiweb firewalls handle this, are they also require to upload individual certificate for each site, or some general WAF rule can be created to protect them all from attacks like SQL inject, XSS and etc.?

 

If it does require uploading individual certificate for each domain name hosted securely under https protocol, how many certificates/policies can be uploaded to the firewall? In other words, what is the maximum number of web sites hosted securely, using their own certificate on a single server which can be protected by either Fortigate or Fortiweb?

 

Thanks!!

5 REPLIES 5
distillednetwork
Contributor III

Fortigate does have some WAF capabilities, but if you are hosting that many sites, you will want to look at FortiWeb.  There is a robust features set for attack inspections and controls.  

 

You can do SSL offloading and inspecting:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/f70b80b8-da3a-11eb-97f7-005056...

 

Lev

Fortigate or Fortiweb, in both cases the main question is, can I have one server policy and include all certificates used in web server or it is required to have individual policy for each secured domain?

 

 

Lev

Great, I have managed to test it in Fortiweb, using SNI feature, works like a charm!. Now, interesting, how many domains I can create under single SNI group?

abelio
Valued Contributor

Hi

it depends on model and firmware version.

Check max values table included in any fortiweb admin guide.

I.e:
https://docs.fortinet.com/document/fortiweb/7.0.2/administration-guide/789367/appendix-b-maximum-con...

regards




/ Abel

regards / Abel
Lev
New Contributor

thanks a lot!

Top Kudoed Authors