Document
Library

User Guide

Overview
What's new
Subscribing to FortiWeb Cloud
- Subscribing on AWS Marketplace
- Subscribing on Azure Marketplace
- Subscribing on Google Cloud Marketplace
- Subscribing on OCI Marketplace
- Purchasing contracts
- Two-Factor Authentication
- FortiFlex
FortiCloud Organizational Units
Getting started
- Onboarding applications
- Example: Changing DNS records on AWS Route 53
- Changing IP addresses of origin servers
- Restricting direct traffic & allowing FortiWeb Cloud IP addresses
- How does FortiWeb Cloud choose regions?
- CDN
- Understanding block mode and action
Global settings
- Application management
- Templates
- Audit logs
- Admin management
  - Migrating to IAM user
- Role management
- Contracts
- Cloud Connectors
- Custom block pages
- Settings
- Reports
Threat Analytics
- Threat Analytics
- Attack logs
- WAF Gateway
Log Settings
Configuring network
- Origin Servers
Endpoints
- Supported cipher suites & protocol versions
WAF modules
- How to add or remove a module
- Security Rules
- Client Security
- Access Rules
- Bot Mitigation
- DDoS prevention
- Advanced Applications
  - Custom Rule
  - WebSocket Security
- API Protection
- Application Delivery
- Global Trustlist
Vulnerability Scan
FortiView
Using FortiWeb Cloud with DevOps tools
- Configuring FortiWeb Cloud with Terraform
- Configuring FortiWeb Cloud with Ansible
- Configuring FortiWeb Cloud with Jenkins
Use cases
- Using FortiWeb Cloud behind a Content Distribution Service
- Network settings for applications serving different content over HTTP and HTTPS
- FortiWeb Cloud and Splunk
- Fortinet Security Fabric
- Managing External IdP roles in FortiCloud IAM
- Frequently used regular expressions
Best practices
- Using Dashboard to monitor important notices
- Utilizing FortiView to reduce false positives
- Setting up a secure environment
- How to block the ongoing DDoS attack
Sequence of scans
Supported cipher suites & protocol versions
Maximum configuration values
FAQs
- Onboarding applications
- Network
- Security
- Logs
- Subscriptions and Contracts
- Accounts
- Miscellaneous
Contacting customer service

Home FortiWeb Cloud User Guide

Onboarding applications

Onboarding applications

For how to onboard applications, please refer to Getting Started in our online help.

It's suggested to perform the following actions after an application is onboarded:

Required actions

Change the DNS record at your DNS service using the CNAME provided by FortiWeb Cloud.
Configure your origin servers to only accept traffic from FortiWeb Cloud IP addresses. See this article for a list of FortiWeb Cloud IP addresses.
Configure security rules and observe the attack logs in FortiView or Attack Logs. If legitimate traffic is falsely detected as attacks, add exceptions or modify the security rules to avoid false positives in the future. See Log Settings for how to add exceptions.
Enable Block Mode in Global > Applications if you have continuously observed the attack logs for several days and there aren't any false positives recorded in the logs.

Optional actions

Whitelist FortiWeb Cloud IP addresses to make sure access from FortiWeb Cloud to your web application is uninterrupted. See this article for a list of FortiWeb Cloud IP addresses.

In FortiWeb Cloud, an application is a declared domain name and up to 9 other domain names attaching to it, which all belong to the same root domain and all point to the same origin server(s). For example, "example.com" and "test.example.com" can be part of the same application "example.com", while "test.com" is a different application.

A CNAME record is a part of the DNS zone records (that may or may not be present) that is used to essentially redirect from one URL to another. The CNAME record for a DNS zone will have a URL for the record NAME, it will be of record TYPE “CNAME”, and it will have a VALUE of another URL. The VALUE field of a CNAME record is often called the CNAME, or canonical (true) name.

When you complete onboarding an application, FortiWeb Cloud provides you with a CNAME. You need to go to your DNS service and pair this CNAME with your application's domain name.

If your DNS service does not support CNAME, the workaround is to pair your application's domain name with the IP addresses of the FortiWeb Cloud scrubbing center which is deployed in the same region with your origin server. See this article for a list of FortiWeb Cloud IP addresses.

Please note the CDN feature won't be available in this scenario because all the traffic will be forwarded to a fixed scrubbing center.

FortiWeb Cloud supports most of the regions on AWS, Azure, and Google Cloud. See this article for a detailed list of supported regions.

By enabling CDN, the data on your origin servers can be cached in FortiWeb Cloud scrubbing centers distributed around the world. When users request data from your application, they can be directed to the nearest scrubbing center and rendered with the requested data. See this article for a list of FortiWeb Cloud IP addresses.

You can enable CDN when onboarding an application, or set this option in the Application Settings dialog (Global > Applications).

Previous

Next

Onboarding applications

For how to onboard applications, please refer to Getting Started in our online help.

It's suggested to perform the following actions after an application is onboarded:

Required actions

Change the DNS record at your DNS service using the CNAME provided by FortiWeb Cloud.
Configure your origin servers to only accept traffic from FortiWeb Cloud IP addresses. See this article for a list of FortiWeb Cloud IP addresses.
Configure security rules and observe the attack logs in FortiView or Attack Logs. If legitimate traffic is falsely detected as attacks, add exceptions or modify the security rules to avoid false positives in the future. See Log Settings for how to add exceptions.
Enable Block Mode in Global > Applications if you have continuously observed the attack logs for several days and there aren't any false positives recorded in the logs.

Optional actions

Whitelist FortiWeb Cloud IP addresses to make sure access from FortiWeb Cloud to your web application is uninterrupted. See this article for a list of FortiWeb Cloud IP addresses.

In FortiWeb Cloud, an application is a declared domain name and up to 9 other domain names attaching to it, which all belong to the same root domain and all point to the same origin server(s). For example, "example.com" and "test.example.com" can be part of the same application "example.com", while "test.com" is a different application.

A CNAME record is a part of the DNS zone records (that may or may not be present) that is used to essentially redirect from one URL to another. The CNAME record for a DNS zone will have a URL for the record NAME, it will be of record TYPE “CNAME”, and it will have a VALUE of another URL. The VALUE field of a CNAME record is often called the CNAME, or canonical (true) name.

When you complete onboarding an application, FortiWeb Cloud provides you with a CNAME. You need to go to your DNS service and pair this CNAME with your application's domain name.

If your DNS service does not support CNAME, the workaround is to pair your application's domain name with the IP addresses of the FortiWeb Cloud scrubbing center which is deployed in the same region with your origin server. See this article for a list of FortiWeb Cloud IP addresses.

Please note the CDN feature won't be available in this scenario because all the traffic will be forwarded to a fixed scrubbing center.

FortiWeb Cloud supports most of the regions on AWS, Azure, and Google Cloud. See this article for a detailed list of supported regions.

By enabling CDN, the data on your origin servers can be cached in FortiWeb Cloud scrubbing centers distributed around the world. When users request data from your application, they can be directed to the nearest scrubbing center and rendered with the requested data. See this article for a list of FortiWeb Cloud IP addresses.

You can enable CDN when onboarding an application, or set this option in the Application Settings dialog (Global > Applications).

Previous

Next