Fortinet 5.0 Patch 6 Topology for reverse proxy mode

Fortinet 63 FortiWeb 5.0 Patch 6 Administration Guide

Required physical topology varies by your choice of operation mode. It also varies

depending on whether you will operate a high availability (HA) cluster of FortiWeb appliances.

You may need to consider 1 or 2 of the next sections:

•Topology for reverse proxy mode

•Topology for either of the transparent modes

•Topology for offline protection mode

•Topologies for high availability (HA) clustering

Topology for reverse proxy mode

This is the default operation mode, and the most common. Most features are supported (see

“Supported features in each operation mode” on page 62).

Page Order Rules Yes Ye s Yes No No

Rewriting / Redirection Yes Ye s Yes No No

Session Management Yes Ye s * Yes * Yes * Yes *

Site Publishing Yes Ye s Yes No No

SSL/TLS Offloading Yes N/A No No No

SSLv3 Support Yes N/A Yes ~Yes ~¶ Yes ~¶

SSLv2 Support Yes N/A No No No

Start Page Enforcement Yes Ye s Yes No No

User Authentication Yes Yes # Yes No No

X-Forwarded-For: Support Yes No No No No

^ Full configuration sync is not supported in reverse proxy mode.

‡ TCP SYN cookie flood prevention is supported.

§ Only the Alert action is supported.

* Requires that your web application have session IDs. See Session Key Word.

~ DSA-encrypted server certificates are not supported.

¶ Diffie-Hellman key exchanges are not supported.

# PKI authentication requires HTTPS.

Tabl e 6 : Feature support that varies by operation mode

Feature Operation mode

Reverse

proxy

True transparent

proxy

Transparent

inspection

Offline

protection

HTTP HTTPS