Fortinet FortiWeb 5.0 Patch 6 Administration Guide
Users
Authentication styles
Via the “Authorization:” header in the HTTP/HTTPS protocol
Via forms embedded in the HTML
Via a personal certificate
Offloading HTTP authentication & authorization
Configuring local end-user accounts
Configuring queries for remote end-user accounts
Configuring LDAP queries
Configuring RADIUS queries
Configuring NTLM queries
Grouping users
Applying user groups to an authorization realm
Grouping authorization rules
Single sign-on (SSO)
Example: Enforcing complex passwords
Defining your web servers & load balancers
Protected web servers vs. protected/allowed host names
Defining your protected/allowed HTTP “Host:” header names
Defining your web servers
Defining your web server by its IP address
Defining your web server by its DNS domain name
Configuring server up/down checks
Grouping your web servers into server farms
Routing based upon URL or “Host:” name
Example: Routing according to URL/path
Example: Routing according to the HTTP “Host:” field
Defining your proxies, clients, & X-headers
Indicating the original client’s IP to back-end web servers
Indicating to back-end web servers that the client’s request was HTTPS
Blocking the attacker’s IP, not your load balancer
Configuring virtual servers on your FortiWeb
Defining your network services
Defining custom services
Predefined services
Enabling or disabling traffic forwarding to your servers
Secure connections (SSL/TLS)
Offloading vs. inspection
Supported cipher suites & protocol versions
Uploading trusted CAs’ certificates
Grouping trusted CAs’ certificates