Purpose
The FortiWeb does not perform any address translations for outbound sessions, it simply passes through the source device IP address. The upstream gateway has to do the NAT and also needs a route to get back to the source device network.
This process does not apply to inbound sessions to web pages as they do go through a series of address translations.
Outbound Example:
port1 – 192.168.1.1/24 - upstream link to gateway
port2 – 192.168.2.1/24 – back-end to servers
Web Server – 192.168.2.2/24 (gateway set to 192.168.2.1)
The upstream gateway will see all sessions initiated from the web server as its source IP of 192.168.2.2 rather than the FortiWeb's port 1 IP (as would occur with inbound web sessions going through the server policy).
Scope
FortiWeb
Expectations, Requirements
FortiWeb deployed with Internet access and a web server.