Setting the operation mode
Once the FortiWeb appliance is mounted and powered on, you have physically connected the FortiWeb appliance to your overall network, and you have connected to either the FortiWeb appliance’s web UI or CLI, you must configure the operation mode.
You will usually set the operation mode once, during installation or when using the Setup Wizard. Exceptions include if you install the FortiWeb appliance in offline protection mode for evaluation or transition purposes, before deciding to switch to another mode for more feature support in a permanent deployment. (See also
“Switching out of offline protection mode”.)
To configure the operation mode via the web UI
| Back up your configuration before changing the operation mode. (See “Backups”.) Changing modes deletes any policies not applicable to the new mode, all static routes, V-zone IPs, TCP SYN flood protection settings, and VLANs. You also must re-cable your network topology to suit the operation mode, unless you are switching between the two transparent modes, which have similar network topology requirements. |
1. Go to System > Config > Operation.
To access this part of the web UI, your administrator's account access profile must have
Read and
Write permission to items in the
System Configuration category. For details, see
“Permissions”.
Alternatively, go to System > Status > Status, then, in the System Information widget, next to Operation Mode, click Change.
2. From Operation Mode, select one of the following modes:
• Reverse Proxy
• Offline Protection
• True Transparent Proxy
• Transparent Inspection
If you are changing to true transparent proxy or transparent inspection mode, also configure Default Gateway with the IP address of the next hop router, and configure Management IP with the IP address of port1.
3. Click Apply.
4. If you have not yet adjusted the physical topology to suit the new operation mode, see
“Planning the network topology”. You may also need to reconfigure IP addresses, static routes, bridges, and virtual servers, and enable or disable SSL on your web servers.
To configure the operation mode via the CLI
| Back up your configuration before changing the operation mode. (See “Backups”.) Changing modes deletes any policies not applicable to the new mode, all static routes, V-zone IPs, and VLANs. You may also need to re-cable your network topology to suit the operation mode. Exceptions may include switching between the two transparent modes, which have similar network topology requirements. |
1. Enter the following commands:
config system settings
set opmode {offline‑protection | reverse-proxy | transparent | transparent‑inspection}
end
where {offline‑protection | reverse-proxy | transparent | transparent‑inspection} is a choice between the available operation modes.
2. If you are changing to true transparent proxy or transparent inspection mode, also enter the following commands:
config system settings
set gateway <gateway_ipv4>
end
where
<gateway_ipv4> is the IP address of the gateway router (see
“Adding a gateway”).
FortiWeb will use the gateway setting to create a corresponding static route under config router static with the first available index number. Packets will egress through port1, the hard-coded management network interface for the transparent operation modes.
3. If you have not yet adjusted the physical topology to suit the new operation mode, see
“Planning the network topology”. You may also need to reconfigure IP addresses, static routes, bridges, and virtual servers, and enable or disable SSL/TLS on your web servers.
See also
