Hi,
Im about to install a FortiWeb, to handle OWA, Reverse proxy etc.
Where should I place the appliance...?
[ul]If I place it behind the Fortigate, is it possible to use the Servers Certificate on the FortiWeb or do I need to do the HTTPS decyption on the Fortigate?
If I place it behind the fortigate, the FortiWeb will have an internal (NAT:ed) address.
Whats the best practice here?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Nil,
The certificate is not bound to any IP, as far as the requests/traffic reach FortiWeb to its destined virtual server IP(public/private) and Port, the certificate thing would work fine.
Hi..
Ideally WAF should be placed behind Firewall DMZ. You can install/import server certificates on FortiWeb for https encryption/decryption. There are some info available on the topology setup done in reverse proxy mode, please go through http://help.fortinet.com/fweb/554/index.htm#FortiWeb/fortiweb-admin/planning_topology.htm%3FTocPath%...
Ok,
I saw these topology setups.
There is one thing I'm not sure about, and its about the server certificates.
I the FortiWeb is behind NAT, where should I place the certificates?
Aren't these meant to be where the External IP is located?
Hi Nil,
The certificate is not bound to any IP, as far as the requests/traffic reach FortiWeb to its destined virtual server IP(public/private) and Port, the certificate thing would work fine.
Ok thanks!
if you migrate certificates?
just create CSR then the signed CRS will upload to Fortiweb,
Countryboy
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.