Fortinet 492 FortiWeb 5.0 Patch 6 Administration Guide
Setting name    Description

HTTPS Service
Select the custom or predefined service that defines the TCP port
number where the virtual server receives HTTPS traffic. Also configure
Certificate.
Enable if requests from clients to the FortiWeb appliance or protected
hosts use SSL or TLS. SSL 3.0, TLS 1.0, and TLS 1.1 are supported.
See also “Supported cipher suites & protocol versions” on page 279.
When enabled, the FortiWeb appliance, instead of the web servers,
handles SSL negotiation, encryption, and decryption. This is known as
SSL offloading (see “Offloading vs. inspection” on page 277).
Connections between the client and the FortiWeb appliance will be
encrypted. Connections between the FortiWeb appliance and each
web server will be either clear text or encrypted, depending on SSL
Server.
This option appears only if FortiWeb is operating in reverse proxy
mode. (For other operation modes, enable SSL and select a
Certificate File for each web server in the server farm (for SSL
inspection) instead.)
Caution: Failure to enable an HTTPS option and provide a certificate
for HTTPS connections will result in the FortiWeb appliance being
unable to decrypt connections, and therefore unable to scan content
in the HTTP body.
Tip: FortiWeb appliances contain specialized hardware to accelerate
SSL processing. Offloading SSL/TLS processing may improve the
performance of secure HTTP (HTTPS) connections.

Physical Server Port (under HTTPS Service)
Type the TCP port number where the physical/domain server listens
for HTTPS web or web services connections. The valid range is from
0 to 65,535.
This option appears only if Deployment Mode is Single Server. (For
other deployment modes, configure Port in the server farm instead.)

SSL Server
Enable to use SSL/TLS to encrypt connections from the FortiWeb
appliance to protected web servers. Also configure Certificate and
HTTPS Service.
Disable to pass traffic to protected web servers in clear text.
This option appears in reverse proxy mode when you select an
HTTPS Service, and when Deployment Mode is Single Server. (In
other cases, such as if you set Deployment Mode to Server Balance,
you must enable SSL in the server farm instead, where you can
configure the SSL/TLS connection with each member individually.)
Note: Enable only if the protected web server supports SSL or TLS. If
you are unsure, click SSL Support Test. If you encrypt the connection
but the server does not support it, all requests forwarded to the server
will fail.

Certificate
Select the server certificate the FortiWeb appliance will use when
encrypting or decrypting SSL-secured connections, or select Create
New to upload a new certificate in a pop-up window, without leaving
the current page. For more information, see “Uploading a server
certificate” on page 289 and “Offloading vs. inspection” on page 277.
Also configure Certificate Intermediate Group.
This option is applicable only if an HTTPS Service is selected.
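
The note under SSL Server says to enable it only if the protected web server supports SSL or TLS. The following is an added example, not Fortinet code and not the implementation of the SSL Support Test button: a stand-alone check you can run against your own back-end server before enabling SSL Server. The names client_hello, classify and probe, and the result strings, are assumptions made for this illustration.

```python
"""Added example: check whether a back-end web server answers a TLS handshake."""
import os
import socket
import struct
import sys


def client_hello() -> bytes:
    """Build a minimal ClientHello (one cipher suite, no extensions)."""
    body = (
        b"\x03\x01"                            # client_version: TLS 1.0
        + os.urandom(32)                       # client random
        + b"\x00"                              # empty session_id
        + struct.pack("!H", 2) + b"\x00\x2f"   # TLS_RSA_WITH_AES_128_CBC_SHA
        + b"\x01\x00"                          # compression: null only
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def classify(reply: bytes) -> str:
    """Interpret the first bytes the server sends back after the ClientHello."""
    if not reply:
        return "no-reply"
    # A TLS record starts with content type 0x16 (handshake) or 0x15 (alert),
    # followed by major version 0x03. An alert still proves the port speaks TLS.
    if len(reply) >= 2 and reply[0] in (0x15, 0x16) and reply[1] == 0x03:
        return "tls"
    return "cleartext"   # e.g. an HTTP error page: SSL Server would break requests


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'tls', 'cleartext', 'no-reply' or 'unreachable' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with sock:
        try:
            sock.sendall(client_hello())
            return classify(sock.recv(5))
        except OSError:          # timeout or reset after connecting
            return "no-reply"


if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])   # your own back-end server
    print(host, port, probe(host, port))
```

A result of "tls" means the server answered with a TLS record; "cleartext" corresponds to the failure case the note describes, where forwarding encrypted requests to that port would fail.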