Fortinet 5.0 Patch 6

Fortinet 492 FortiWeb 5.0 Patch 6 Administration Guide

HTTPS Service Select the custom or predefined service that defines the TCP port

number where the virtual server receives HTTPS traffic. Also configure

Certificate.

Enable if requests from clients to the FortiWeb appliance or protected

hosts use SSL or TLS. SSL 3.0, TLS 1.0, and TLS 1.1 are supported.

See also “Supported cipher suites & protocol versions” on page 279.

When enabled, the FortiWeb appliance handles SSL negotiations and

encryption and decryption, instead of the web servers, also known as

SSL offloading (see “Offloading vs. inspection” on page 277).

Connections between the client and the FortiWeb appliance will be

encrypted. Connections between the FortiWeb appliance and each

web server will be either clear text or encrypted, depending on SSL

Server.

This option appears only if FortiWeb is operating in reverse proxy

mode. (For other operation modes, enable SSL and select a

Certificate File for each web server in the server farm (for SSL

inspection) instead.

Caution: Failure to enable an HTTPS option and provide a certificate

for HTTPS connections will result in the FortiWeb appliance being

unable to decrypt connections, and therefore unable to scan content

in the HTTP body.

Tip: FortiWeb appliances contain specialized hardware to accelerate

SSL processing. Offloading SSL/TLS processing may improve the

performance of secure HTTP (HTTPS) connections.

Physical Server

Port

(under HTTPS

Service)

Type the TCP port number where the physical/domain server listens

for HTTPS web or web services connections. The valid range is from

0 to 65,535.

This option appears only if Deployment Mode is Single Server. (For

other deployment modes, configure Port in the server farm instead.)

SSL Server Enable to use SSL/TLS to encrypt connections from the FortiWeb

appliance to protected web servers. Also configure Certificate and

HTTPS Service.

Disable to pass traffic to protected web servers in clear text.

This option appears in reverse proxy mode when you select an

HTTPS Service, and when Deployment Mode is Single Server. (In

other cases, such as if you set Deployment Mode to Server Balance,

you must enable SSL in the server farm instead, where you can

configure the SSL/TLS connection with each member individually.)

Note: Enable only if the protected web server supports SSL or TLS. If

you are unsure, click SSL Support Test. If you encrypt the connection

but the server does not support it, all requests forwarded to the server

will fail.

Certificate Select the server certificate the FortiWeb appliance will use when

encrypting or decrypting SSL-secured connections, or select Create

New to upload a new certificate in a pop-up window, without leaving

the current page. For more information, see “Uploading a server

certificate” on page 289 and “Offloading vs. inspection” on page 277.

Also configure Certificate Intermediate Group.

This option is applicable only if an HTTPS Service is selected.

Setting name Description