Fortinet 205 FortiWeb 5.0 Patch 6 Administration Guide
Switching out of offline protection modeSwitch only if you chose offline protection mode for evaluation or transition purposes when you
first set up your FortiWeb appliance, and now want to transition to a full deployment.
To switch the operation mode
1. Back up your configuration. See “Backups” on page 206.
2. Disconnect all cables from the physical ports except the cable to your management
computer.
3. Reconfigure the network interfaces with the IP addresses and routes that they will need in
their new topology.
4. Re-cable your network topology to match the new mode. See “Planning the network
topology” on page 61.
5. Change the operation mode. See “Setting the operation mode” on page 94.
6. Go to Router > Static > Static Route. If your static routes were erased, re-create them. See
“Adding a gateway” on page 125.
7. Go to System > Network > Interface. If your VLAN configurations were removed, re-create
them. If you chose one of the transparent modes, consider creating a v-zone bridge instead
of VLANs. See “Configuring a bridge (V-zone)” on page 122.
8. Go to Policy > Web Protection Policy > Inline Protection Profile. Create new inline protection
profiles that reference the rules and policies in each of your previous offline protection
profiles. See “Configuring a protection profile for inline topologies” on page 468 and “How
operation mode affects server policy behavior” on page 463.
9. Go to Policy > Server Policy > Server Policy. Edit your existing server policies to reference
the new inline protection profiles instead of the offline protection profiles. See “How
operation mode affects server policy behavior” on page 463.
10.Watch the monitors on the dashboard to make sure traffic is flowing through your appliance
in the new mode.
11.Since there are many possible configuration changes when switching modes, including
additional available protections, don’t forget to retest. Prior testing is no longer applicable.
Back up your system before changing the operation mode. Changing modes deletes
policies not applicable to the new mode, static routes, and V-zone IP addresses. You may also
need to re-cable your network topology to suit the operation mode.