Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
matteocostanzo
New Contributor II

Created on ‎04-04-2023 05:51 AM

is it possible to use fortigate as a reverse proxy

Hi everyone I have a FortiGate 100F with version v7.2.4 build1396.

inside this firewall i have many webservers exposing with their own certificate installed locally on single server.

I wanted to know if with fortigate I can centralize this thing.

installing all certificates on the firewall and exposing all servers with this centralization of certificates.

treat the fortigate as a reverse proxy.

if it can be done. what tools should i use???

Labels:
19400
0 Kudos
6 REPLIES 6
fredery
Staff
Staff

Created on ‎04-04-2023 07:10 AM

Hello Matteo,

 

As good first steps would be to check those:

 

https://www.fortinet.com/resources/cyberglossary/reverse-proxy   (pretty generic but still good for the language used)

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Reverse-proxy/ta-p/189432

https://www.fortinetguru.com/2017/02/example-reverse-proxy-web-caching-and-ssl-offloading-for-an-int...

 

19391
0 Kudos
matteocostanzo
New Contributor II

Created on ‎04-05-2023 08:16 AM

ok it works.

but now I have a second question.

since the virtual server works only with IP address.

if i want to publish many internal webservers with this method.

it seems to me that with this method I will have to make a 1:1 association external ip - internal ip.

i cant work with dns names?? if i have only one external ip to work with how can i do?? Do you think it is possible or not?

19371
0 Kudos
fredery
Staff
Staff

Created on ‎04-05-2023 08:36 AM

Hello Matteo,

 

You have the option of specifying FQDN, exactly aligned with your use case. And empty configuration screenshot to show you the options available in the GUI:

 

2023-04-05 11_34_05-FortiGate - Discovery-kvm07 — Mozilla Firefox.png

19369
matteocostanzo
New Contributor II
In response to fredery

Created on ‎04-05-2023 08:58 AM

I failed to use this virtual ip solution.

I used the Load balancer virtual server solution

19368
0 Kudos
matteocostanzo
New Contributor II
In response to matteocostanzo

Created on ‎04-05-2023 08:58 AM

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/713497/virtual-server-load-b...

19368
0 Kudos
lol
Staff
Staff

Created on ‎04-12-2023 05:46 AM

Hello,

 

> i cant work with dns names?? if i have only one external ip to work with how can i do??

 

This can be achieved with "set ldb-method http-host" and setting "set http-host your.fqdn"

 

 

In the link you posted its the feature
>> HTTP Host
>> Load balances HTTP host connections across multiple real servers using the host’s HTTP header to guide the connection to the correct real server.


Also refer to this forum post and the replies which is basically asking the same, one external IP and hosting multiple internal servers based on SNI / FQDN.
https://community.fortinet.com/t5/Support-Forum/Fortigate-SSL-Offloading-with-SNI/td-p/252027

 


Regards

19300
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.