I got an odd situation with our SSL certificate.Webserver under Fortiweb
and FortiGate are configured, https website is working properly. Except
for CA chain is broken. When using SSL checker tools, CA could not be
seen. I might miss something on my ...
We have are deploying Fortiweb in between our Fortigate and Web Server,
in one-arm reverse proxy mode. Our webserver needs to capture the
original IP of web visitors, but the webserver could only see the IP of
the FortiWeb. I have already enabled X-F...
Hi All, Is there a way to increase the limit of certificates on the SSL
Inspection > Protecting SSL Server?Apparently, limit of certicates that
can be used is 10 as noted on the below article link and seems no
resolution on
it:https://community.forti...
I just setup a Fortigate under Azure recently, we have a web server
behind the Fortigate with Virtual IP configured. It is working fine, I
could access the website externally. But when I disable NAT, web server
is inaccessible. We would need the NAT ...
Hi Saneeshpv, There are alot of things to consider on why we need a
Fortigate on top of Fortiweb. IPS is one, as it is only offered by
Fortigate as the Firewall. We have also other ports aside from
http/https that needs to be protected. We are follow...
Hi Saneeshpv, Thank you for the response, would you mean I should
disable SSL inspection on Fortigate? I did try to use the no-inspection,
but for some reason other issue arises when there is no SSL inspection,
Real IP of web visitor is not logging c...
I'll try this, I'll let you know if this is successul. Though one thing
to note is that our setup is quite tricky. As mentioned on my initial
post, we are using SNI for mutiple domains, but our public IP is only
one. Having 'Virtual Server' with 'Ful...
On your suggestion #2, can you futher guide on how I can do the settings
on Fortigate? I believe the Inbound DPI for FG is "Protecting SSL
Server", but I might be wrong.
Hi kmak, The two link you forwarded are similar, it was for Apache. Do
have for IIS? There was a progress, X-Forwarded-For is appearing when on
HTTP. But on not HTTPS. Even the Fortiweb's attack log is showing
Original IP on HTTP but internal IP on H...
