Fortinet 14 FortiWeb 5.0 Patch 6 Administration Guide
* On VM models, acceleration is due to offloading the cryptography burden from the back-end
server. On hardware models, cryptography is also hardware-accelerated via ASIC chips.
FortiWeb significantly reduces deployment costs by consolidating WAF, hardware acceleration,
load balancing, and vulnerability scanning into a single device with no per-user pricing. Those
features drastically reduce the time required to protect your regulated, Internet-facing data and
eases the challenges associated with policy enforcement and regulatory compliance.
Architecture
Figure 1: Basic topology
FortiWeb can be deployed in a one-arm topology, but is more commonly positioned inline to
intercept all incoming clients’ connections and redistribute them to your servers. FortiWeb has
TCP- and HTTP-specific firewalling capability. Because it is not designed to provide security to
non-HTTP applications, it should be deployed behind a firewall such as FortiGate that focuses
on security for other protocols that may be forwarded to your back-end servers, such as FTP
and SSH.
Once the appliance is deployed, you can configure FortiWeb via its web UI and CLI, from a web
browser and terminal emulator on your management computer.
Scope
This document describes how to set up your FortiWeb appliance. For both the hardware and
virtual appliance versions of FortiWeb, it describes how to complete first-time system
deployment, including planning the network topology.
It also describes how to use the web user interface (web UI), and contains lists of default utilized
port numbers, configuration limits, and supported standards.
This document assumes, if you have installed the virtual appliance version (FortiWeb-VM), that
you have already followed the instructions in the FortiWeb-VM Install Guide.