To apply policies correctly and log accurately, it is important that FortiWeb is aware of certain other points on your network.
To scan traffic for your web servers, first FortiWeb must know which IP addresses and HTTP Host:
names to protect. If there are proxies and load balancers in the network stream between your client and your FortiWeb, you will also want to define them. Likewise, if your web servers have features that operate using the source IP address of a client, you may also need to configure FortiWeb to pass that information to your web servers.
Without these definitions, FortiWeb will not know many things, such as requests are for invalid host names, which source IP addresses are external load balancers instead of clients, and which headers it should use to transmit the client’s original source IP address to your web servers. This can cause problems with logging, reports, other FortiWeb features, and server-side features that require the client’s IP address.