Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
Adam_Shortt_FTNT
Staff
Staff

Created on ‎06-08-2012 12:35 PM

Article Id 194218

Technical Note : FortiWeb Source Address Translation for Outbound Sessions

Purpose
The FortiWeb does not perform any address translations for outbound sessions, it simply passes through the source device IP address. The upstream gateway has to do the NAT and also needs a route to get back to the source device network.

This process does not apply to inbound sessions to web pages as they do go through a series of address translations.

Outbound Example:

port1 – 192.168.1.1/24 - upstream link to gateway
port2 – 192.168.2.1/24 – back-end to servers
Web Server – 192.168.2.2/24 (gateway set to 192.168.2.1)

The upstream gateway will see all sessions initiated from the web server as its source IP of 192.168.2.2 rather than the FortiWeb's port 1 IP (as would occur with inbound web sessions going through the server policy).

Scope

FortiWeb


Expectations, Requirements

FortiWeb deployed with Internet access and a web server.


Labels:
853
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.