Fortinet 496 FortiWeb 5.0 Patch 6 Administration Guide
5. Click OK.
The server policy appears in the list on Policy > Server Policy > Server Policy. Initially, it is
enabled. For information on disabling a policy without deleting it, see “Enabling or disabling
a policy” on page 497.
Legitimate traffic should now be able to flow, while policy-violating traffic (that is, traffic that
is prohibited by the settings in your policy or protection profile) may be blocked, depending
on your Action settings for the rule that the traffic has violated.
6. To verify the policy, test it by forming connections between legitimate clients and servers at
various points within your network topology. Also attempt to send traffic that violates your
policy, and should be logged, modified, or blocked.
If a connection fails, you can use tools included in the firmware to determine whether the
problem is local to the appliance or elsewhere on the network. See “Troubleshooting” on
page 630 and “Reducing false positives” on page 624. Also consider troubleshooting
recommendations included with each feature’s instructions.
Load Balancing
Algorithm
Select which load-balancing algorithm to use when distributing new
connections amongst web servers in the server farm. This option
appears only if Deployment Mode is Server Balance.
•Round Robin — Distributes new TCP connections to the next
web server in the server farm, regardless of weight, response time,
traffic load, or number of existing connections. Unresponsive
servers are avoided.
•Weighted Round Robin — Distributes new TCP connections
using the round robin method, except that web servers with a
higher weight value will receive a larger percentage of
connections.
•Least Connection — Distributes new TCP connections to the
web server with the fewest number of existing, fully-formed TCP
connections.
•HTTP session based Round Robin — Distributes new TCP
connections, if they are not associated with an existing HTTP
session, to the next web server in the server farm, regardless of
weight, response time, traffic load, or number of existing
connections. Unresponsive servers are avoided.
Note: Session management is not enabled automatically when
you enable this feature, and therefore it requires that you enable
Session Management in the web protection profile.
Comments Type a description or other comment. The description may be up to
35 characters long.
Setting name Description
Whitelisted items will not be included in policy enforcement. See “Configuring the global
object white list” on page 464.
If you have another FortiWeb appliance, you can use its web vulnerability scanner to verify that
your policy is blocking attacks as you expect. For details, see “Vulnerability scans” on
page 505.