Fortinet 484 FortiWeb 5.0 Patch 6 Administration Guide
Server policies:
• Block or allow connections
• Apply a protection profile that specifies how FortiWeb will scan or process the HTTP/HTTPS
requests that it allows
• Route or let pass traffic to destination web servers
• Optionally, use an auto-learning profile to gather additional information about your
HTTP/HTTPS traffic for use as guidance when modifying the policy or profiles
Until you configure and enable at least one policy, FortiWeb will, by default:
• when in reverse proxy mode, deny all traffic.
• when in other operation modes, allow all traffic.
Server policy behavior and supported features vary by operation mode. For details, see “How
operation mode affects server policy behavior” on page 463. It also varies by whether or not the
policy uses IPv6 addresses.
To achieve more complex policy behaviors and routing, you can chain multiple policies together.
See “Defining your web servers” on page 251.
To configure a policy
1. Before you configure a policy, you usually should first configure any of the following that you
must, or want to, include in the policy:
If a policy has any virtual servers, physical servers, or domain servers with IPv6 addresses, it
will not apply features that do not yet support IPv6, even if they are selected.
There is a limit to the number of server policies you can create. The limit varies with the model
of your FortiWeb appliance. For details, see “Appendix B: Maximum configuration values” on
page 669.
Do not configure policies unless they will be used. FortiWeb allocates memory with each server
policy, regardless of whether it is actually in active use. Configuring extra policies will
unnecessarily consume memory and decrease performance.
Alternatively, you can create missing components on-the-fly while configuring the policy,
without leaving the page. To do this, select Create New from each policy component’s
drop-down menu.
However, when creating many components, you may save time by leaving the policy page,
going to the other menu areas, and creating similar profiles by cloning, then modifying each
clone.
Generally speaking, policies tie other components together and apply them to clients’
connections with your web servers. As such, they should be configured last. See “Workflow”
on page 46.