HTTP/2 support

If the FortiWeb is deployed in Reverse Proxy (see Topology for reverse proxy mode) or True Transparent Proxy (see Topology for either of the transparent modes) mode, HTTP/2 web communication can be protected by the following FortiWeb's security services:

Note that the HTTP/2 traffic will bypass the other security services (even if the services are well-configured).

How to enable HTTP/2 support
Deployment in Reverse Proxy mode

When the FortiWeb is operating in Reverse Proxy mode, it provides the end-to-end HTTP/2 security which requires both clients and back-end servers running HTTP/2. Moreover, if the back web servers do not support HTTP/2, FortiWeb (in Reverse Proxy mode) providers the HTTP/2 protections also with conversion protocols between HTTP/2 clients and HTTP/1.1 back-end servers. This allows customers to enjoy HTTP/2 benefits without having to upgrade their back web servers. Therefore, when the FortiWeb is operating in Reverse Proxy mode, it requires two necessary configurations for the HTTP/2 security:

When FortiWeb operates in Reverse Proxy mode, HTTP Content Routing (see Routing based on HTTP content) will be not supported if HTTP/2 security inspection is enabled.
Deployment in True Transparent Proxy mode

Conversion between HTTP/2 clients and HTTP/1.1 back-end servers is not available when the FortiWeb is operating in True Transparent Proxy mode. Therefore, FortiWeb's HTTP/2 inspection must work with the back web servers that really support HTTP/2. When your FortiWeb is operating in True Transparent Proxy mode, only one configuration is required to enable the HTTP/2 support:

Note that FortiWeb only supports HTTP/2 for HTTPS (SSL) connections (most browsers support HTTP/2 for only HTTPS). Therefore, for deployment in Reverse Proxy or True Transparent Proxy mode, HTTPS or SSL on the FortiWeb must be enabled for HTTP/2.