Switch only if you chose Offline Protection mode for evaluation or transition purposes when you first set up your FortiWeb appliance, and now want to transition to a full deployment.
To switch the operation mode
- Back up your configuration. For details, see Backups.
- Disconnect all cables from the physical ports except the cable to your management computer.
- Reconfigure the network interfaces with the IP addresses and routes that they will need in their new topology.
- Re-cable your network topology to match the new mode. For details, see Planning the network topology.
- Change the operation mode. For details, see Setting the operation mode.
- Go to System > Network > Route and select Static Route tab. If your static routes were erased, re-create them. For details, see Adding a gateway.
- Go to System > Network > Interface. If your VLAN configurations were removed, re-create them. If you chose one of the transparent modes, consider creating a v-zone bridge instead of VLANs. For details, see Configuring a bridge (V-zone).
- Go to Policy > Web Protection Policy and select Inline Protection Profile tab. Create new inline protection profiles that reference the rules and policies in each of your previous Offline Protection profiles. For details, see Configuring a protection profile for inline topologies and How operation mode affects server policy behavior.
- Go to Policy > Server Policy. Edit your existing server policies to reference the new inline protection profiles instead of the Offline Protection profiles. For details, see How operation mode affects server policy behavior.
- Watch the monitors on the dashboard to make sure traffic is flowing through your appliance in the new mode.
- Since there are many possible configuration changes when switching modes, including additional available protections, don’t forget to retest. Prior testing is no longer applicable.
|Back up your system before changing the operation mode. Changing modes deletes policies not applicable to the new mode, static routes, and V-zone IP addresses. You may also need to re-cable your network topology to suit the operation mode.