FortiWeb Azure HA Client Public IP

Author
fakrulalam
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/07/29 00:23:50
  • Status: offline
2019/07/29 00:28:38 (permalink)
0

FortiWeb Azure HA Client Public IP

Hi,
 
I have deployed FortiWeb in HA mode using the following template:
 
https://github.com/fortinetsolutions/Azure-Templates/tree/master/FortiWeb/FortiWeb-VariableHA-2-NIC
 
It's working all fine except in web server logs it's showing ForitWeb internal IP, not Client Public IP. I have tried enabling the option from Server Policy, but after enabling that I can't connect to the WebServer. Is the issue related to Azure Load Balancer which is doing the NAT? Wondering anyone deployed FortiWeb in Azure and can share something.
 
Thanks
#1

2 Replies Related Threads

    Deepak Girimaji_FTNT
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/06/25 01:14:00
    • Status: offline
    Re: FortiWeb Azure HA Client Public IP 2019/07/29 00:48:58 (permalink)
    0
    Hi,
     
    If you are enabling the client real IP option in the server policy, then you need to set FortiWeb as the default gateway on the backend server. Instead, you could configure FortiWeb to include X‑Forwarded-For in the HTTP header before traffic is generated to the backend server. for more information and configuration, please refer the following link:
    https://help.fortinet.com/fweb/610/index.htm#FortiWeb/fortiweb-admin/define_proxies_clients.htm?Highlight=x%20forward
     
    The backend server needs to be configured to read the content in X-forwarded-for header for logging.
     
    I hope this helps.
     
    Regards,
    Deepak
    #2
    Nikhil Chaudhari
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/05/15 01:05:06
    • Location: Mumbai, India
    • Status: offline
    Re: FortiWeb Azure HA Client Public IP 2019/08/01 03:58:25 (permalink)
    0
    Hi,


    Pls enable X-Forwarded For on server side and also enable on WAF end you will get Real IP in server logs.
     
    Thanks.
    #3
    Jump to:
    © 2019 APG vNext Commercial Version 5.5