Fortinet 5.0 Patch 6

Fortinet 273 FortiWeb 5.0 Patch 6 Administration Guide

When the FortiWeb appliance receives traffic destined for a virtual server, it can then forward the

traffic to a web server or a server farm. The FortiWeb appliance identifies traffic as being

destined for a specific virtual server if:

• the traffic arrives on the network interface or bridge associated with the virtual server

• for reverse proxy mode, the destination address is the IP address of a virtual server (the

destination IP address is ignored in other operation modes, except that it must not be

identical with the web server’s IP address)

To configure a virtual server

1. Go to Server Objects > Server > Virtual Server.

Each server entry includes an Enable check box, marked by default. Clear this check box if

you need to disable the server. See “Enabling or disabling traffic forwarding to your servers”

on page 275.

To access this part of the web UI, your administrator’s account access profile must have

Read and Write permission to items in the Server Policy Configuration category. For details,

see “Permissions” on page 47.

2. Click Create New.

A dialog appears.

3. In Name, type a unique name that can be referenced by other parts of the configuration. Do

not use spaces or special characters. The maximum length is 35 characters.

4. In IP Address, type the IP address and subnet of the virtual server.

If the FortiWeb appliance is operating in offline protection mode or either of the transparent

modes, this IP address is ignored when deciding whether or not to apply a server policy to

the connection, and can therefore be any IP address. There is one exception: it must not be

identical to the web server. If the virtual server’s IP is identical to the real web server, the

configuration will not function.

Virtual servers can be on the same subnet as real web servers. This configuration creates a

one-arm HTTP proxy. For example, the virtual server 10.0.0.1/24 could forward to the web

server 10.0.0.2.

However, this is not recommended. Unless your network’s routing configuration prevents it, it

could allow clients that are aware of the web server’s IP address to bypass the FortiWeb

appliance by accessing the real web server directly.

If a policy has any virtual servers with IPv6 addresses, it will not apply features that do not

yet support IPv6, even if they are selected.