hello i have a IIS web server currently connected to dmz interface on a Cisco ASA.
I will be adding a fortiWEB VM . (Everything is virtual)
DO i setup an interface on my fortiWEB in the same DMZ and then do i need to create a new subnet , set that as a 2nd interface on the fortiWEB and move my IIS web server to this new subnet?
Ii this correct?
Also i believe on my fortiWEB i create a virtual server IP using the original IP address of my IIS webserver AKA the old IP address from the DMZ subnet?
Thanks ,
Hello Jason
it depends on deployment mode actually.
Assuming you'll go for the most used, reverse-proxy mode, if you configure for instance fortiweb port1 belonging to that DMZ, you'll need renumerate your IIS webservers IP address and connect all these 'behind' another WAF interface.
On the hand, if you adopt some of the transparent modes available, you could avoid renumerate, but (maybe) the whole setup became a little bit more complex, using v-bridge.
regards
/ Abel
thanks for the reply. yes i was going to use reverse proxy mode.
i will re-ip the webserver . thank you .
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1768 | |
1116 | |
766 | |
447 | |
242 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.