Example 1: Configuring a policy for HTTP via auto-learning
In the simplest scenario, if you want to protect a single, basic web server (that is, it does not use HTTPS) while the FortiWeb is operating as a reverse proxy, you can save time configuring your policy by using the auto-learning feature.
To generate profiles and apply them in a policy
1. Create a virtual server on the FortiWeb appliance (Server Objects > Server > Virtual Server). When used by a policy, it receives traffic from clients.
2. Define your web server within a Single Server server pool using its IP address or domain name (Server Objects > Server > Server Pool). When used by a policy, a server pool defines the IP address of the web server that FortiWeb forwards accepted client traffic to.
3. Create a new policy (Policy > Server Policy > Server Policy).
• In Name, type a unique name for the policy.
Traffic should now pass through the FortiWeb appliance to your server. If it does not, see
“Troubleshooting”. Auto-learning gathers data based upon the characteristics of requests and responses that it observes.
4. Use the auto-learning report to determine whether auto-learning has observed enough URLs, parameters, and attacks (
Auto Learn > Auto Learn Report > Auto Learn Report; see
“Auto-learning”).
5. Generate an initial configuration (Auto Learn > Auto Learn Report > Auto Learn Report then click Generate Config).
6. If necessary, modify the generated profiles to suit your security policy.