On FortiADC I tried to configure a NAT Source Pool with an IP-address of
an existing VS, but seems to be not possible, as I get an error message
saying that this IP-address is a duplicate to an existing VS.Is this
really a normal behavior and if so, ...
Is it possible to use the SNI value (for a whitelisting) in scripting
without terminating SSL on the FortiADC?It seems there is only the
CLIENT_HANDSHAKE event, but this requires a clientssl-profile. With F5
iRules there is an additional event CLIENT...
Hi there,we've installed a FortiProxy VM64 running 7.0.0 and we are
facing issues with HTTPS connections.WebGUI access via https is not
possible and als web-proxy connection for https-websites are not
working.Both use-cases via http are working fine....
Sorry for the late reply, but I get the solution in the meanwhile via
internal Fortinet colleagues.There is CLI command, where you can enable
this globally.config sys globalset share-ip-address enableOnce done, you
are allowed to use a VS-IP within a...
Just for your reference, same issue here with version 7.0.9.I can at
least confirm the above mentioned behavior-change starting with version
7.0.6, because with down-grading to version 7.0.5 the ZTNA Connections
Rules will be displayed in FortiClient...
Just for your information, official Fortinet-Support finally confirmed,
that this special use-case is currently NOT possible/supported. SNI
host-header can't be processed without SSL termination.Thank you!
Regards Stefan :)
Dear Anthony,thanks for sharing this documentation link, but I think
using a clientSSL -profile always requires the server-certificate. And
that's exactly what I'd like to avoid.I just want the FortiADC to "read"
the SNI field from the ssl_clienthell...
