jcastellanos
Staff
Article Id 297572
Description

This article describes how to provide Internet access to a server behind FortiWeb. In some scenarios, the admin must provide Internet access to the server protected by FortiWeb.
Scope

FortiWeb v7.2.X.

In this scenario, the server 10.0.0.70 is behind FortiWeb and may need to retrieve resources from the Internet.

Solution

The firewall only provides Internet access to the IP address of the FortiWeb outside interface (port3 - 192.168.61.128):

Diagram:

7-diagram.PNG

By default, the traffic is not allowed:

8-not allowed.PNG

It is necessary to enable IP forwarding (set ip-forward):

1-router setting.PNG

The traffic now passes from port4 to port3. However, there is still no reply, because the traffic leaves with the original source IP 10.0.0.70. NAT is required.

4-withoutsnat.PNG

Enable the Firewall option in Feature Visibility and configure a NAT rule.

2-feature visibilty.PNG

3-nat policy.PNG

The traffic is translated to the IP in the outside interface of FortiWeb:

5-sniffer nat policy.PNG

The server gets Internet access:

6-google open.PNG
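
To confirm the difference between the "without SNAT" and "translated" captures above without reading the sniffer output by eye, the following added example (not part of the original article or Fortinet tooling) classifies packets leaving port3 by source address. The line format is an assumed FortiOS-style sniffer layout, the /24 mask for the inside network is an assumption, and the sample capture is constructed.

```python
import ipaddress
import re

# Addresses and interface names come from the article; the mask is an assumption.
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")   # network of server 10.0.0.70
OUTSIDE_IF = "port3"
OUTSIDE_IP = ipaddress.ip_address("192.168.61.128")

# Assumed line layout: "<time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <info>"
LINE_RE = re.compile(
    r"^\s*[\d.]+\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def audit_egress(capture: str) -> dict:
    """Sort packets leaving OUTSIDE_IF into translated, leaked (inside source) or other."""
    result = {"translated": [], "leaked": [], "other": [], "unparsed": []}
    for raw in capture.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            result["unparsed"].append(line)  # keep for review, do not drop silently
            continue
        if m["iface"] != OUTSIDE_IF or m["dir"] != "out":
            continue  # only egress on the outside interface matters here
        src = ipaddress.ip_address(m["src"])
        flow = f'{m["src"]}:{m["sport"]} -> {m["dst"]}:{m["dport"]}'
        if src == OUTSIDE_IP:
            result["translated"].append(flow)   # SNAT applied
        elif src in INSIDE_NET:
            result["leaked"].append(flow)       # forwarded without SNAT
        else:
            result["other"].append(flow)        # unexpected source, check NAT rule scope
    return result

# Constructed sample capture (not taken from the article's screenshots).
SAMPLE = """\
1.000100 port4 in 10.0.0.70.40122 -> 203.0.113.10.443: syn 100
1.000150 port3 out 10.0.0.70.40122 -> 203.0.113.10.443: syn 100
5.200100 port4 in 10.0.0.70.40130 -> 203.0.113.10.443: syn 200
5.200160 port3 out 192.168.61.128.40130 -> 203.0.113.10.443: syn 200
"""

if __name__ == "__main__":
    for kind, flows in audit_egress(SAMPLE).items():
        print(kind, flows)
```

Any entry under "leaked" means ip-forward is active but the NAT rule is not matching that flow; entries under "other" indicate that sources beyond the intended server are being forwarded.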