Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Cajuntank
Contributor II

Created on ‎08-14-2024 06:46 PM Edited on ‎08-14-2024 06:49 PM

X-forwarded-for header question?

Ok, I will admit I am a little outside my knowledge base with this one. In my investigation, I am learning that what I am looking for might be this header passed from the browser called X-Forward-For. Based on what I am seeing, this shows or can show, the clients original IP, then successive IPs as they pass through proxies. 

 

I am not sure if this is something that is handled at the browser level itself (but I do see extensions available where you can easily customize/add, etc...), but I also see past articles about this header and Fortinet products... but it appears the traffic flow is that maybe being inbound, like protecting a web server behind a FortiGate or FortiWeb device.

 

My inquiry for my traffic outbound from my network. Is there a way to inject that header as it passes through the firewall so if an external webserver can log that info via its auditing, I can glean the private client IP of my user (assuming I have access to that external webserver's audit logs of course)? 

Labels:
2891
0 Kudos
1 Solution
abarushka
Staff
Staff

Created on ‎08-15-2024 03:25 AM

Hello,

 

Yes, FortiGate supports adding x-fowarded-for header. Please find more details by following the link below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Adding-x-forwarded-for-header-to-explicit-...

FortiGate

View solution in original post

2829
0 Kudos
3 REPLIES 3
abarushka
Staff
Staff

Created on ‎08-15-2024 03:25 AM

Hello,

 

Yes, FortiGate supports adding x-fowarded-for header. Please find more details by following the link below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Adding-x-forwarded-for-header-to-explicit-...

FortiGate
2830
0 Kudos
Cajuntank
Contributor II
In response to abarushka

Created on ‎08-15-2024 05:10 AM

OK, again, forgive the ignorance on this, but can you give me an idea of what the resulting traffic flow will be? What I mean is, the policy I am interested in applying this to, is a flow-based policy using flow based security inspections. Would I need to convert that to a proxy based policy or can I keep it a flow based? And this will be a https site, so is there anything I need to add to that web-proxy profile accordingly?

 

Sorry for all of the follow-up inquiries.

2810
0 Kudos
abarushka
Staff
Staff
In response to Cajuntank

Created on ‎08-16-2024 12:50 AM

Hello,

 

"webproxy-profile" (x-fowarded-for) can be applied to only explicit proxy policy or regular firewall policy (proxy inspection mode only). "webproxy-profile" setting is not applicable, when firewall policy in flow inspection mode.

 

You may consider to configure web-proxy profile and add the profile under firewall policy / explicit proxy policy (deep inspection profile might be required) and check whether x-fowarded-for is added:

 

config web-proxy profile
edit <name>
set header-x-forwarded-for add
end

FortiGate
2761
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.