Fortinet 5.0 Patch 6

Fortinet 496 FortiWeb 5.0 Patch 6 Administration Guide

5. Click OK.

The server policy appears in the list on Policy > Server Policy > Server Policy. Initially, it is

enabled. For information on disabling a policy without deleting it, see “Enabling or disabling

a policy” on page 497.

Legitimate traffic should now be able to flow, while policy-violating traffic (that is, traffic that

is prohibited by the settings in your policy or protection profile) may be blocked, depending

on your Action settings for the rule that the traffic has violated.

6. To verify the policy, test it by forming connections between legitimate clients and servers at

various points within your network topology. Also attempt to send traffic that violates your

policy, and should be logged, modified, or blocked.

If a connection fails, you can use tools included in the firmware to determine whether the

problem is local to the appliance or elsewhere on the network. See “Troubleshooting” on

page 630 and “Reducing false positives” on page 624. Also consider troubleshooting

recommendations included with each feature’s instructions.

Load Balancing

Algorithm

Select which load-balancing algorithm to use when distributing new

connections amongst web servers in the server farm. This option

appears only if Deployment Mode is Server Balance.

•Round Robin — Distributes new TCP connections to the next

web server in the server farm, regardless of weight, response time,

traffic load, or number of existing connections. Unresponsive

servers are avoided.

•Weighted Round Robin — Distributes new TCP connections

using the round robin method, except that web servers with a

higher weight value will receive a larger percentage of

connections.

•Least Connection — Distributes new TCP connections to the

web server with the fewest number of existing, fully-formed TCP

connections.

•HTTP session based Round Robin — Distributes new TCP

connections, if they are not associated with an existing HTTP

session, to the next web server in the server farm, regardless of

weight, response time, traffic load, or number of existing

connections. Unresponsive servers are avoided.

Note: Session management is not enabled automatically when

you enable this feature, and therefore it requires that you enable

Session Management in the web protection profile.

Comments Type a description or other comment. The description may be up to

35 characters long.

Setting name Description

Whitelisted items will not be included in policy enforcement. See “Configuring the global

object white list” on page 464.

If you have another FortiWeb appliance, you can use its web vulnerability scanner to verify that

your policy is blocking attacks as you expect. For details, see “Vulnerability scans” on

page 505.