Fortinet 485 FortiWeb 5.0 Patch 6 Administration Guide
• If the policy will govern secure connections via HTTPS, you must upload the web server’s
certificate, define a certificate verification rule, and possibly also an intermediate CA
certificate group. See “Secure connections (SSL/TLS)” on page 277.
• Define your web servers by configuring either physical servers or domain servers. See
“Defining your web server by its IP address” on page 251 and “Defining your web server
by its DNS domain name” on page 253. If you want to distribute connections among
them, group them into a server farm. See “Grouping your web servers into server farms”
on page 256.
• Define one or more host names or IP addresses if you want to accept or deny requests
based upon the Host: field in the HTTP header. See “Defining your protected/allowed
HTTP “Host:” header names” on page 249.
• Configure a virtual server or V-zone to receive traffic on the FortiWeb appliance. See
“Configuring virtual servers on your FortiWeb” on page 272 or “Configuring a bridge
(V-zone)” on page 122.
• Configure an inline or offline (out-of-band) protection profile. See “Configuring a
protection profile for inline topologies” on page 468 (any mode except offline protection)
or “Configuring a protection profile for an out-of-band topology or asynchronous mode of
operation” on page 477 (offline protection mode only).
• If you want the FortiWeb appliance to gather auto-learning data, either configure an
auto-learning profile and its required components or use the default. See “Running
auto-learning” on page 180.
• If you want to present a customized error page when a request is denied by a protection
profile, upload the error page. See “Uploading a custom error page” on page 467.
2. Go to Policy > Server Policy > Server Policy.
To access this part of the web UI, your administrator account’s access profile must have
Read and Write permission to items in the Server Policy Configuration category. For details,
see “Permissions” on page 47.
3. Click Create New.
A dialog appears. Available options vary by the operation mode.
To save time, you may be able to use auto-learning to generate protection profiles and
their components by observing your web servers’ traffic. For details, see “Auto-learning”
on page 151.