Fortinet 129 FortiWeb 5.0 Patch 6 Administration Guide
To add a default route via the CLI
1. Enter the following commands:
config router static
edit <route_index>
set gateway <gateway_ipv4>
set device <interface_name>
end
where:
•<route_index> is the index number of the route in the list of static routes
•<gateway_ipv4> is the IP address of the gateway router
•<interface_name> is the name of the network interface through which packets will
egress, such as port1
The FortiWeb appliance should now be reachable to connections with networks indicated by
the mask.
2. To verify connectivity, from a host on the network applicable to the route, attempt to connect
to the FortiWeb appliance’s web UI via HTTP and/or HTTPS. (At this point in the installation,
you have not yet configured a policy, and therefore, if in reverse proxy mode, cannot test
connectivity through the FortiWeb.)
If the connectivity test fails, you can use the CLI commands:
execute ping
to determine if a complete route exists from the FortiWeb to the host, and
execute traceroute
to determine the point of connectivity failure. For details, see the FortiWeb CLI Reference.
Also enable ping on the FortiWeb (see “To configure a network interface’s IPv4 address via
the CLI” on page 117), then use the equivalent tracert or traceroute command on the
By default, in reverse proxy mode, FortiWeb’s virtual servers will not forward
non-HTTP/HTTPS traffic from virtual servers to your protected web servers. (Only traffic picked
up and allowed by the HTTP reverse proxy will be forwarded.) You may be able to provide
connectivity by either deploying in a one-arm topology where other protocols bypass FortiWeb,
or by enabling FortiWeb to route other protocols. See also “Topology for reverse proxy mode”
on page 63 and the config router setting command in the FortiWeb CLI Reference.