How to set up your FortiWeb : Planning the network topology : How to choose the operation mode : Supported features in each operation mode
 
Supported features in each operation mode
Many features work regardless of the operation mode that you choose. For some features, support varies by the operation mode and, in some cases, varies by HTTP or HTTPS protocol. SSL/TLS, for example, inherently requires HTTPS. Similarly, rewriting inherently requires an inline topology and synchronous processing, and therefore is only supported in modes that work that way.
For the broadest feature support, choose reverse proxy mode.
If you require a feature that is not supported in your chosen operation mode, such as DoS protection or SSL/TLS offloading, your web server or another network appliance will need to be configured to provide that feature. The table below lists the features that are not universally supported in all modes/protocols.
Table 7: Feature support that varies by operation mode
Feature
Operation mode
Reverse proxy
True transparent proxy
Transparent inspection
Offline protection
HTTP
HTTPS
Bridges / V-zones
No
Yes
Yes
Yes
No
Caching
Yes
Yes
Yes
No
No
Client Certificate Verification
Yes
Yes
Yes
No
No
Config. Sync
(Non-HA)
Yes ^
Yes
Yes
Yes
Yes
Cookie Poisoning Prevention
Yes
Yes
Yes
No
No
DoS Protection
Yes
Yes
Yes
No
No
Error Page Customization
Yes
Yes
Yes
No
No
Fail-to-wire
No
Yes
Yes
Yes
No
File Compression
Yes
Yes
Yes
No
No
Hidden Input Constraints
Yes
Yes
Yes
No
No
HA
Yes
Yes
Yes
Yes
No
Information Disclosure Prevention
(Anti-Server Fingerprinting)
Yes
Yes
Yes
Yes §
Yes
Page Order Rules
Yes
Yes
Yes
No
No
Rewriting / Redirection
Yes
Yes
Yes
No
No
Session Management
Yes
Yes *
Yes *
Yes *
Yes *
Site Publishing
Yes
Yes
Yes
No
No
SSL/TLS Offloading
Yes
N/A
No
No
No
SSLv3 Support
Yes
N/A
Yes ~
Yes ~
Yes ~
SSLv2 Support
Yes
N/A
No
No
No
Start Page Enforcement
Yes
Yes
Yes
No
No
User Authentication
Yes
Yes #
Yes
No
No
X-Forwarded-For: Support
Yes
Yes
Yes
No
No
 
^ Full configuration sync is not supported in reverse proxy mode.
TCP SYN cookie flood prevention is supported.
§ Only the Alert action is supported.
* Requires that your web application have session IDs. See Session Key.
~ DSA-encrypted server certificates are not supported.
¶ Diffie-Hellman key exchanges are not supported.
# PKI authentication requires HTTPS.