Fortinet 5.0 Patch 6 Defining your web servers & load balancers............................................. 248, Secure connections (SSL/TLS) ................................................................... 277

FortinetFortinet 6 FortiWeb 5.0 Patch 6 Administration Guide

Users.............................................................................................................. 221

Authentication styles............................................................................................ 221

Via the “Authorization:” header in the HTTP/HTTPS protocol....................... 221

Via forms embedded in the HTML................................................................. 222

Via a personal certificate................................................................................ 224

Offloading HTTP authentication & authorization ................................................. 225

Configuring local end-user accounts............................................................. 227

Configuring queries for remote end-user accounts....................................... 228

Configuring LDAP queries........................................................................ 228

Configuring RADIUS queries.................................................................... 233

Configuring NTLM queries....................................................................... 235

Grouping users .............................................................................................. 236

Applying user groups to an authorization realm............................................ 238

Grouping authorization rules.................................................................... 240

Single sign-on (SSO)............................................................................................ 243

Example: Enforcing complex passwords ............................................................ 247

Defining your web servers & load balancers............................................. 248

Protected web servers vs. protected/allowed host names................................. 248

Defining your protected/allowed HTTP “Host:” header names........................... 249

Defining your web servers................................................................................... 251

Defining your web server by its IP address ................................................... 251

Defining your web server by its DNS domain name...................................... 253

Configuring server up/down checks.............................................................. 254

Grouping your web servers into server farms................................................ 256

Routing based upon URL or “Host:” name.............................................. 262

Example: Routing according to URL/path............................................... 265

Example: Routing according to the HTTP “Host:” field........................... 265

Defining your proxies, clients, & X-headers......................................................... 266

Indicating the original client’s IP to back-end web servers........................... 267

Indicating to back-end web servers that the client’s request was HTTPS.... 269

Blocking the attacker’s IP, not your load balancer........................................ 269

Configuring virtual servers on your FortiWeb...................................................... 272

Defining your network services............................................................................ 274

Defining custom services............................................................................... 274

Predefined services ....................................................................................... 275

Enabling or disabling traffic forwarding to your servers...................................... 275

Secure connections (SSL/TLS) ................................................................... 277

Offloading vs. inspection..................................................................................... 277

Supported cipher suites & protocol versions ...................................................... 279

Uploading trusted CAs’ certificates..................................................................... 280

Grouping trusted CAs’ certificates ................................................................ 282