Example 2: Configuring a policy for HTTPS

How to set up your FortiWeb : Configuring basic policies : Example 2: Configuring a policy for HTTPS

If you want to protect a single HTTPS web server, and the FortiWeb appliance is operating in reverse proxy mode, configuration is similar to Example 1: Configuring a policy for HTTP via auto-learning. (Optionally, you can configure a server policy that includes both an HTTP service and an HTTPS service.)

To be able to scan secure traffic, however, you must also configure FortiWeb to decrypt it, and therefore must provide it with the server’s certificate and private key.

To configure an HTTPS policy

1. Upload a copy of the web server’s certificate (System > Certificates > Local).

2. Configure a policy and profiles according to “Example 1: Configuring a policy for HTTP via auto-learning”, except for auto-learning, which you will postpone until these steps are complete.

3. Modify the server policy (Policy > Server Policy > Server Policy).

• In HTTPS Service, select the predefined HTTPS service.

• In Certificate, select your web server’s certificate. Also select, if applicable, Certificate Verification and Certificate Intermediate Group.

Traffic should now pass through the FortiWeb appliance to your server. If it does not, see “Troubleshooting”.