Fortinet 65 FortiWeb 5.0 Patch 6 Administration Guide
which is connected to the web servers. The FortiWeb appliance provides load-balancing
between the two web servers.
Topology for either of the transparent modes
No changes to the IP address scheme of the network are required. Requests are destined
for a web server, not the FortiWeb appliance. More features are supported than in offline
protection mode, but fewer than in reverse proxy mode, and support may vary if you use
HTTPS (see also “Supported features in each operation mode” on page 62).
Unlike with reverse proxy mode, with both transparent modes, web servers will see the source
IP address of clients.
You can configure VLAN subinterfaces on FortiWeb, or omit IP address configuration entirely
and instead assign a network port to be a part of a Layer 2-only bridge.
Alternatively, you could connect the web servers directly to the FortiWeb appliance: Web Server
1 could have been connected to port3, and Web Server 2 could have been connected to port4.
Virtual servers can be on the same subnet as physical servers. This configuration creates a
one-arm HTTP proxy. For example, the virtual server 10.0.0.1/24 could forward to the physical
server 10.0.0.2.
However, this is not recommended. Unless your network’s routing configuration prevents it, it
could allow clients that are aware of the physical server’s IP address to bypass the FortiWeb
appliance by accessing the physical server directly.
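The bypass described above can be checked for on the physical server itself. The following is an added example, not part of the Fortinet guide: it scans the physical server's access log for requests whose source is not the proxy. It assumes Common Log Format, that the appliance connects to the server from 10.0.0.1 (the guide's example virtual server address, used here as a stand-in), and the function names and log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: address the FortiWeb appliance uses as source when it proxies
# to the physical server (here the guide's example virtual server address).
PROXY_ADDRS = {ipaddress.ip_address("10.0.0.1")}

# Common Log Format prefix: client address, identd, user, [timestamp], "request"
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

# Constructed sample of the physical server's (10.0.0.2) access log.
SAMPLE_LOG = """\
10.0.0.1 - - [12/Mar/2014:10:01:07 +0000] "GET /index.html HTTP/1.1" 200 5120
10.0.0.1 - - [12/Mar/2014:10:01:09 +0000] "POST /login HTTP/1.1" 302 0
10.0.0.57 - - [12/Mar/2014:10:02:41 +0000] "GET /admin/ HTTP/1.1" 200 2048
not a log line
10.0.0.57 - - [12/Mar/2014:10:02:44 +0000] "GET /index.html HTTP/1.1" 200 5120
::1 - - [12/Mar/2014:10:03:00 +0000] "GET /server-status HTTP/1.1" 200 812
"""

def find_bypass(log_text, proxy_addrs=PROXY_ADDRS, ignore_loopback=True):
    """Return (hits, unparsed): requests that reached the server without
    passing through the proxy, and lines that could not be parsed."""
    hits, unparsed = [], []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            unparsed.append(line)
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            unparsed.append(line)   # hostname or garbage in the address field
            continue
        if src in proxy_addrs or (ignore_loopback and src.is_loopback):
            continue
        hits.append((str(src), m.group("ts"), m.group("req")))
    return hits, unparsed

def summarize(hits):
    """Count direct (unscanned) requests per source address."""
    return Counter(src for src, _, _ in hits)

if __name__ == "__main__":
    hits, unparsed = find_bypass(SAMPLE_LOG)
    for src, n in summarize(hits).most_common():
        print(f"{src}: {n} request(s) bypassed the proxy")
    print(f"{len(unparsed)} unparsed line(s)")
```

Unparsed lines are returned rather than dropped so that a changed log format does not silently hide direct requests.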
In both transparent modes, the appliance will forward non-HTTP/HTTPS protocols. (That is,
routing/IP-based forwarding for unscanned protocols is supported.) This facilitates
pass-through of other protocols such as FTP that may be necessary for a true drop-in,
transparent solution.