Fortinet 5.0 Patch 6

Fortinet 112 FortiWeb 5.0 Patch 6 Administration Guide

and vice versa (“redundant interfaces”/”NIC teaming”/”NIC bonding” or “aggregated links”).

These can provide features such as link failure resilience or multi-network links.

Usually, each network interface has at least one IP address and netmask. However, this is not

true for bridges.

Bridges (V-zones) allow packets to travel between the FortiWeb appliance’s physical network

ports over a physical layer link, without an IP layer connection with those ports.

Use bridges when:

• the FortiWeb appliance operates in true transparent proxy or transparent inspection mode,

and

• you want to deploy FortiWeb between incoming connections and the web server it is

protecting, without changing your IP address scheme or performing routing or network

address translation (NAT)

For bridges, do not assign IP addresses to the ports that you will connect to either the web

server or to the overall network. Instead, group the two physical network ports by adding their

associated network interfaces to a bridge.

Configure each network interface that will connect to your network or computer (see

“Configuring the network interfaces” on page 113 or “Configuring a bridge (V-zone)” on

page 122). If you want multiple networks to use the same wire while minimizing the scope of

broadcasts, configure VLANs (see “Adding VLAN subinterfaces” on page 117).

FortiWeb does not currently support IPSec VPN virtual interfaces nor redundant links. If you

require these features, implement them separately on your FortiGate, VPN appliance, or firewall.