Fortinet 273 FortiWeb 5.0 Patch 6 Administration Guide
When the FortiWeb appliance receives traffic destined for a virtual server, it can then forward the
traffic to a web server or a server farm. The FortiWeb appliance identifies traffic as being
destined for a specific virtual server if:
• the traffic arrives on the network interface or bridge associated with the virtual server
• for reverse proxy mode, the destination address is the IP address of a virtual server (the
destination IP address is ignored in other operation modes, except that it must not be
identical with the web server’s IP address)
To configure a virtual server
1. Go to Server Objects > Server > Virtual Server.
Each server entry includes an Enable check box, marked by default. Clear this check box if
you need to disable the server. See “Enabling or disabling traffic forwarding to your servers”
on page 275.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Server Policy Configuration category. For details,
see “Permissions” on page 47.
2. Click Create New.
A dialog appears.
3. In Name, type a unique name that can be referenced by other parts of the configuration. Do
not use spaces or special characters. The maximum length is 35 characters.
4. In IP Address, type the IP address and subnet of the virtual server.
If the FortiWeb appliance is operating in offline protection mode or either of the transparent
modes, this IP address is ignored when deciding whether or not to apply a server policy to
the connection, and can therefore be any IP address. There is one exception: it must not be
identical to the web server. If the virtual server’s IP is identical to the real web server, the
configuration will not function.
Virtual servers can be on the same subnet as real web servers. This configuration creates a
one-arm HTTP proxy. For example, the virtual server 10.0.0.1/24 could forward to the web
server 10.0.0.2.
However, this is not recommended. Unless your network’s routing configuration prevents it, it
could allow clients that are aware of the web server’s IP address to bypass the FortiWeb
appliance by accessing the real web server directly.
If a policy has any virtual servers with IPv6 addresses, it will not apply features that do not
yet support IPv6, even if they are selected.