Ok, I will admit I am a little outside my knowledge base with this one. In my investigation, I am learning that what I am looking for might be this header passed from the browser called X-Forward-For. Based on what I am seeing, this shows or can show, the clients original IP, then successive IPs as they pass through proxies.
I am not sure if this is something that is handled at the browser level itself (but I do see extensions available where you can easily customize/add, etc...), but I also see past articles about this header and Fortinet products... but it appears the traffic flow is that maybe being inbound, like protecting a web server behind a FortiGate or FortiWeb device.
My inquiry for my traffic outbound from my network. Is there a way to inject that header as it passes through the firewall so if an external webserver can log that info via its auditing, I can glean the private client IP of my user (assuming I have access to that external webserver's audit logs of course)?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
Yes, FortiGate supports adding x-fowarded-for header. Please find more details by following the link below:
Hello,
Yes, FortiGate supports adding x-fowarded-for header. Please find more details by following the link below:
OK, again, forgive the ignorance on this, but can you give me an idea of what the resulting traffic flow will be? What I mean is, the policy I am interested in applying this to, is a flow-based policy using flow based security inspections. Would I need to convert that to a proxy based policy or can I keep it a flow based? And this will be a https site, so is there anything I need to add to that web-proxy profile accordingly?
Sorry for all of the follow-up inquiries.
Hello,
"webproxy-profile" (x-fowarded-for) can be applied to only explicit proxy policy or regular firewall policy (proxy inspection mode only). "webproxy-profile" setting is not applicable, when firewall policy in flow inspection mode.
You may consider to configure web-proxy profile and add the profile under firewall policy / explicit proxy policy (deep inspection profile might be required) and check whether x-fowarded-for is added:
config web-proxy profile
edit <name>
set header-x-forwarded-for add
end
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.