Hot!fortiweb deployment question

Author
dirkdigs
Gold Member
  • Total Posts : 123
  • Scores: 4
  • Reward points: 0
  • Joined: 2013/09/18 09:03:51
  • Status: offline
2019/04/17 06:55:01 (permalink)
0

fortiweb deployment question

hello i have a IIS web server currently connected to dmz interface on a Cisco ASA. 
I will be adding a fortiWEB VM . (Everything is virtual)
DO i setup an interface on my fortiWEB in the same DMZ and then do i need to create a new subnet , set that as a 2nd interface on the fortiWEB and move my IIS web server to this new subnet? 
 
Ii this correct?
 
Also i believe on my fortiWEB i create a virtual server IP using the original IP address of my IIS webserver AKA the old IP address from the DMZ subnet?
 
Thanks ,
#1

2 Replies Related Threads

    abelio
    Expert Member
    • Total Posts : 3642
    • Scores: 55
    • Reward points: 0
    • Joined: 2005/03/31 13:28:59
    • Location: Buenos Aires, Argentina
    • Status: offline
    Re: fortiweb deployment question 2019/04/17 13:54:01 (permalink)
    0
    Hello Jason
    it depends on deployment mode actually.
     
    Assuming you'll go for the most used, reverse-proxy mode, if you configure for instance fortiweb port1 belonging to that DMZ, you'll need renumerate your IIS webservers IP address and connect all these 'behind' another WAF interface.
     
    On the hand, if you adopt some of the transparent modes available, you could avoid renumerate, but (maybe) the whole setup became a little bit more complex, using v-bridge.
     
     
     
     
     
     
     

    regards
    --
    Abel
    #2
    dirkdigs
    Gold Member
    • Total Posts : 123
    • Scores: 4
    • Reward points: 0
    • Joined: 2013/09/18 09:03:51
    • Status: offline
    Re: fortiweb deployment question 2019/04/17 15:18:48 (permalink)
    0
    thanks for the reply. yes i was going to use reverse proxy mode. 
     
    i will re-ip the webserver . thank you .
    #3
    Jump to:
    © 2019 APG vNext Commercial Version 5.5