Fortinet FortiWeb 5.0 Patch 6 Administration Guide
Table of contents

Introduction

  Benefits
  Architecture
  Scope

What’s new

  Documentation enhancements

Key concepts

  Workflow
  Sequence of scans
  Solutions for specific web attacks
    HTTP/HTTPS threats
    DoS attacks
  HTTP sessions & security
    FortiWeb sessions vs. web application sessions
    Sessions & FortiWeb HA
      Example: Magento & FortiWeb sessions during failover
  HA heartbeat & synchronization
    Data that is not synchronized by HA
    Configuration settings that are not synchronized by HA
    How HA chooses the active appliance
  How to use the web UI
    System requirements
    URL for access
    Workflow
    Permissions
      Trusted hosts
    Maximum concurrent administrator sessions
    Global web UI & CLI settings
    Buttons, menus, & the displays
      Deleting entries
      Renaming entries
  Shutdown

How to set up your FortiWeb

  Appliance vs. VMware
  Registering your FortiWeb