Im about to install a FortiWeb, to handle OWA, Reverse proxy etc.
Where should I place the appliance...?
If I place it behind the Fortigate, is it possible to use the Servers Certificate on the FortiWeb or do I need to do the HTTPS decyption on the Fortigate?
If I place it behind the fortigate, the FortiWeb will have an internal (NAT:ed) address.
Whats the best practice here?
Go to Solution.
The certificate is not bound to any IP, as far as the requests/traffic reach FortiWeb to its destined virtual server IP(public/private) and Port, the certificate thing would work fine.
View solution in original post
Ideally WAF should be placed behind Firewall DMZ. You can install/import server certificates on FortiWeb for https encryption/decryption. There are some info available on the topology setup done in reverse proxy mode, please go through http://help.fortinet.com/fweb/554/index.htm#FortiWeb/fortiweb-admin/planning_topology.htm%3FTocPath%...
I saw these topology setups.
There is one thing I'm not sure about, and its about the server certificates.
I the FortiWeb is behind NAT, where should I place the certificates?
Aren't these meant to be where the External IP is located?
if you migrate certificates?
just create CSR then the signed CRS will upload to Fortiweb,
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.