Fortinet 62 FortiWeb 5.0 Patch 6 Administration Guide
Because this is such a pivotal factor, consider the implications carefully before you make
your choice. It can be time-consuming to reconfigure your network if you switch modes later.
Supported features in each operation modeMany features work regardless of the operation mode that you choose. For some features,
support varies by the operation mode and, in some cases, varies by HTTP or HTTPS protocol.
SSL/TLS, for example, inherently requires HTTPS. Similarly, rewriting inherently requires an
inline topology and synchronous processing, and therefore is only supported in modes that
work that way.
For the broadest feature support, choose reverse proxy mode.
If you require a feature that is not supported in your chosen operation mode, such as DoS
protection or SSL/TLS offloading, your web server or another network appliance will need to be
configured to provide that feature. The table below lists the features that are not universally
supported in all modes/protocols.
If you are not sure which operation mode is best for you, you can deploy in offline protection
mode temporarily. This will allow you to implement some features and gather auto-learning data
while you decide.
Tabl e 6 : Feature support that varies by operation mode
Feature Operation mode
Reverse
proxy
True transparent
proxy
Transparent
inspection
Offline
protection
HTTP HTTPS
Bridges / V-zones No Yes Ye s Yes No
Client Certificate Verification Yes Ye s Yes No No
Config. Sync
(Non-HA)
Yes ^Ye s Yes Yes Ye s
Cookie Poisoning Prevention Yes Yes Ye s No No
DoS Protection Yes Ye s Yes No ‡ No ‡
Error Page Customization Yes Ye s Yes No No
Fail-to-wire No Yes Ye s Yes No
File Compression Ye s Yes Yes No No
Hidden Input Constraints Yes Ye s Yes No No
HA Yes Ye s Yes Yes No
Information Disclosure
Prevention
(Anti-Server Fingerprinting)
Yes Ye s Yes Yes § Yes