Once the FortiWeb appliance is mounted and powered on, you have physically connected the FortiWeb appliance to your overall network, and you have connected to either the FortiWeb appliance’s web UI or CLI, you must configure the operation mode.
You will usually set the operation mode once, during installation or when using the Setup Wizard. Exceptions include if you install the FortiWeb appliance in offline protection mode for evaluation or transition purposes, before deciding to switch to another mode for more feature support in a permanent deployment. (See also Switching out of offline protection mode.)
|
|
The physical topology must match the operation mode. For details, see Planning the network topology and How to choose the operation mode. |
|
Back up your configuration before changing the operation mode. (See Backups.) Changing modes deletes any policies not applicable to the new mode, all static routes, V-zone IPs, TCP SYN flood protection settings, and VLANs. You also must re-cable your network topology to suit the operation mode, unless you are switching between the two transparent modes, which have similar network topology requirements. |
1. Go to System > Config > Operation.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.
Alternatively, go to System > Status > Status, then, in the System Information widget, next to Operation Mode, click Change.
2. From Operation Mode, select one of the following modes:
For details, see How to choose the operation mode.
If you are changing to true transparent proxy, transparent inspection mode, or WCCP, also configure Default Gateway with the IP address of the next hop router and specify the Management IP value. FortiWeb assigns this management IP address to port1.
3. Click Apply.
4. If you have not yet adjusted the physical topology to suit the new operation mode, see Planning the network topology. You may also need to reconfigure IP addresses, static routes, bridges, and virtual servers, and enable or disable SSL on your web servers.
|
|
Back up your configuration before changing the operation mode. (See Backups.) Changing modes deletes any policies not applicable to the new mode, all static routes, V-zone IPs, and VLANs. You may also need to re-cable your network topology to suit the operation mode. Exceptions may include switching between the two transparent modes, which have similar network topology requirements. |
1. Enter the following commands:
config system settings
set opmode {offline‑protection | reverse-proxy | transparent | transparent‑inspection | wccp}
end
where {offline‑protection | reverse-proxy | transparent | transparent‑inspection| wccp} specifies the operation mode.
2. If you are changing to true transparent proxy, transparent inspection, or WCCP mode, also enter the following commands:
config system settings
set gateway <gateway_ipv4>
end
where <gateway_ipv4> is the IP address of the gateway router (see Adding a gateway).
FortiWeb will use the gateway setting to create a corresponding static route under config router static with the first available index number. Packets will egress through port1, the hard-coded management network interface for the transparent and WCCP operation modes.
3. If you have not yet adjusted the physical topology to suit the new operation mode, see Planning the network topology. You may also need to reconfigure IP addresses, static routes, bridges, and virtual servers, and enable or disable SSL/TLS on your web servers.