Fortinet 63 FortiWeb 5.0 Patch 6 Administration Guide

Matching topology with operation mode & HA mode

Required physical topology varies by your choice of operation mode. It also varies
depending on whether you will operate a high availability (HA) cluster of FortiWeb appliances.
You may need to consider 1 or 2 of the next sections:
Topology for reverse proxy mode
Topology for either of the transparent modes
Topology for offline protection mode
Topologies for high availability (HA) clustering
Topology for reverse proxy mode
This is the default operation mode, and the most common. Most features are supported (see
“Supported features in each operation mode” on page 62).
Page Order Rules Yes Ye s Yes No No
Rewriting / Redirection Yes Ye s Yes No No
Session Management Yes Ye s * Yes * Yes * Yes *
Site Publishing Yes Ye s Yes No No
SSL/TLS Offloading Yes N/A No No No
SSLv3 Support Yes N/A Yes ~Yes ~ Yes ~
SSLv2 Support Yes N/A No No No
Start Page Enforcement Yes Ye s Yes No No
User Authentication Yes Yes # Yes No No
X-Forwarded-For: Support Yes No No No No
^ Full configuration sync is not supported in reverse proxy mode.
TCP SYN cookie flood prevention is supported.
§ Only the Alert action is supported.
* Requires that your web application have session IDs. See Session Key Word.
~ DSA-encrypted server certificates are not supported.
¶ Diffie-Hellman key exchanges are not supported.
# PKI authentication requires HTTPS.
Tabl e 6 : Feature support that varies by operation mode
Feature Operation mode
Reverse
proxy
True transparent
proxy
Transparent
inspection
Offline
protection
HTTP HTTPS