FortiWeb

FortiWeb on AWS

Panel: https://<Public DNS>:8443

SSH: 22

The default login credentials are the username "admin" with the AWS Instance ID value as the password.


Firewall

It is just a simple firewall that provides only basic functions.

V6.3.2

Default Action

For Default Action, select one of the following:

Deny—Firewall blocks traffic that does not match a policy rule.

However, administrative access is still allowed on network interfaces for which it has been configured.

Firewall FWMARK policy

The FWMARK policy allows you to mark traffic coming into FortiWeb.

Used together with a policy route, it lets you direct the marked traffic out of FortiWeb through a specified interface and/or to a specified next-hop gateway.

DNAT

To apply a Firewall DNAT Policy, enable IP forwarding in the CLI under config router setting.

get router setting

ip-forward          : disable
ip6-forward         : disable

Enable it:

config router setting
    set ip-forward enable
end


Virtual Server

It is not an actual server, but simply defines the listening network interface.

It includes a specialized proxy that only picks up HTTP and HTTPS.

IP options

  • Virtual IP
  • Use Interface IP


Setting

config waf ip-list

--- URL

config waf url-access url-access-rule

config waf url-access url-access-policy

--- Network

config waf http-request-flood-prevention-rule

config waf http-connection-flood-check-rule

config waf layer4-access-limit-rule

--- CA

config system certificate ca

--- Method

config waf allow-method-policy

config waf input-rule

---

config waf start-pages

--- inline

config waf web-protection-profile inline-protection

--- replace

config system replacemsg

--- cookie

config waf cookie-security

---

Configuration order

  1. config server-policy vserver
  2. config server-policy server-pool
  3. config server-policy policy
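
The configuration order above exists because a policy refers to a virtual server and a server pool by name. The following is an added example, not part of the original notes or of Fortinet's tooling: it parses a configuration backup in the config/edit/set/next/end layout and reports policies whose references are undefined, plus the ip-forward state that the DNAT note depends on. The sample text is constructed, and the "set vserver" / "set server-pool" key names inside a policy are assumptions.

```python
import shlex

# Constructed sample, not a real device; "vserver"/"server-pool" policy keys are assumed names.
SAMPLE = '''
config router setting
    set ip-forward disable
end
config server-policy vserver
    edit "vs-web"
    next
end
config server-policy server-pool
    edit "pool-web"
    next
end
config server-policy policy
    edit "pol-api"
        set vserver "vs-api"
        set server-pool "pool-web"
    next
end
'''

def parse(text):
    """Map section -> entry -> {key: value}; nested config blocks are skipped."""
    out, depth, section, entry = {}, 0, None, ""
    for line in text.splitlines():
        cmd, *args = shlex.split(line) or [""]
        if cmd == "config":
            depth += 1
            if depth == 1:
                section, entry = " ".join(args), ""
        elif cmd == "end":
            depth -= 1
        elif depth == 1 and cmd == "edit":
            out.setdefault(section, {}).setdefault(entry := args[0], {})
        elif depth == 1 and cmd == "set":
            out.setdefault(section, {}).setdefault(entry, {})[args[0]] = " ".join(args[1:])
    return out

def audit(text):
    """Flag policies that reference undefined objects, and disabled ip-forward."""
    cfg, findings = parse(text), []
    for name, pol in cfg.get("server-policy policy", {}).items():
        for key in ("vserver", "server-pool"):
            if pol.get(key) not in cfg.get("server-policy " + key, {}):
                findings.append(f"policy {name}: {key} {pol.get(key)!r} is not defined")
    if cfg.get("router setting", {}).get("", {}).get("ip-forward") != "enable":
        findings.append("ip-forward is not enabled; firewall DNAT policy needs it")
    return findings
```

Calling audit(SAMPLE) returns two findings: the policy's undefined virtual server and the disabled ip-forward setting.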