API gateway | FortiWeb 6.2.4 | Fortinet Document Library

Document
Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Table of Contents

Introduction
What’s new
Key concepts
- Workflow
- Sequence of scans
- IPv6 support
- Solutions for specific web attacks
- HTTP/2 support
- HTTP sessions & security
- FortiWeb high availability (HA)
- Administrative domains (ADOMs)
- How to use the web UI
- Shutdown
How to set up your FortiWeb
- Appliance vs. VMware
- Registering your FortiWeb
- Planning the network topology
- Connecting to the web UI or CLI
- Updating the firmware
- Changing the “admin” account password
- Setting the system time & date
- Setting the operation mode
- Configuring High Availability (HA) basic settings
  - HA heartbeat & active node election
  - Synchronization
- Replicating the configuration without FortiWeb HA (external HA)
- Configuring the network settings
- Configuring DNS settings
- Configuring HA settings specifically for active-passive and standard active-active modes
- Configuring HA settings specifically for high volume active-active mode
- Defining your web servers & load balancers
- Configuring FortiWeb to receive traffic via WCCP
- Configuring basic policies
- Testing your installation
- Switching out of Offline Protection mode
Policies
- How operation mode affects server policy behavior
- Configuring the global object white list
- Configuring a protection profile for inline topologies
- Generating a protection profile using scanner reports
- Configuring a protection profile for an out-of-band topology or asynchronous mode of operation
- Configuring an HTTP server policy
- Configuring traffic mirror
Configuring FTP security
- Creating an FTP command restriction rule
- Creating an FTP file check rule
- Configuring an FTP security inline profile
- Creating an FTP server pool
- Creating an FTP server policy
AD FS Proxy
- Configuring FortiWeb as an AD FS proxy
- Configuring a virtual server
- Creating an AD FS server pool
- Uploading trusted CA certificates
- Creating an AD FS server policy
- Troubleshooting
FortiView
- Topology
- Security
- Traffic
- Sessions
Backups
- backup full-config
- Restoring a previous configuration
Debug log
Administrators
- Configuring access profiles
- Grouping remote authentication queries and certificates for administrators
- Changing an administrator’s password
- Certificate-based Web UI login
Users
- Authentication styles
- Offloading HTTP authentication & authorization
- Single sign-on (SSO) (site publishing)
- Using Kerberos authentication delegation
- Offloaded authentication and optional SSO configuration
- To create an Active Directory (AD) user for FortiWeb
- Example: Enforcing complex passwords
- Tracking users
Secure connections (SSL/TLS)
- Offloading vs. inspection
- Supported cipher suites & protocol versions
- Uploading trusted CA certificates
- How to offload or inspect HTTPS
- Forcing clients to use HTTPS
- HTTP Public Key Pinning
- How to apply PKI client authentication (personal certificates)
- Seamless PKI integration
- Revoking certificates
- How to export/back up certificates & private keys
- How to change FortiWeb's default certificate
- Configuring OCSP stapling
Access control
- Restricting access to specific URLs
- Combination access control & rate limiting
- Blacklisting & whitelisting clients
- Blocking client devices with poor reputation
- Protecting against cookie poisoning and other cookie-based attacks
- Cross-Origin Resource Sharing (CORS) protection
Blocking known attacks & data leaks
- Connecting to FortiGuard services
- Receiving quarantined source IP addresses from FortiGate
- False Positive Mitigation for SQL Injection signatures
- Syntax-based SQL injection detection
- Configuring action overrides or exceptions to data leak & attack detection signatures
- Defining custom data leak & attack signatures
- Defeating cipher padding attacks on individually encrypted inputs
- Defeating cross-site request forgery (CSRF) attacks
- Addressing security vulnerabilities by HTTP Security Headers
- Enforcing page order that follows application logic
- Specifying URLs allowed to initiate sessions
Preventing zero-day attacks
- Validating parameters (“input rules”)
- Preventing tampering with hidden inputs
- Specifying allowed HTTP methods
- HTTP/HTTPS protocol constraints
- WebSocket Protocol
Protection for Man-in-the-Browser (MiTB) attacks
- Creating Man in the Browser (MiTB) Protection Rule
- Creating Man in the Browser (MiTB) Protection Policy
Protection for APIs
- Configuring JSON protection
- Configuring XML protection
- OpenAPI Validation
- Configuring mobile API protection
- API gateway
Limiting file uploads
Anti-defacement
Rate limiting
- DoS prevention
- Preventing brute force logins
- Preventing slow and low attacks
Rewriting & redirecting
Caching
- What can be cached?
Compression
Compliance
- Database security
- Authorization
- Preventing data leaks
- Vulnerability scans
Advanced/optional system settings
- Changing the FortiWeb appliance’s host name
- Fail-to-wire for power loss/reboots
- Customizing error and authentication pages (replacement messages)
- Configuring the integrated firewall
- Advanced settings
Monitoring your system
- Status dashboard
- Policy Status dashboard
- RAID level & disk statuses
- Logging
- Alert email
- SNMP traps & queries
- Reports
- Monitoring currently blocked IPs
- Monitoring currently tracked devices
- FortiGuard updates
- Vulnerability scans
Bot mitigation
- Configuring threshold based detection
- Configuring biometrics based detection
- Configuring bot deception
- Configuring bot mitigation policy
Machine learning
- Enabling machine learning policy
- Configuring anomaly detection policy
- Configuring bot detection profiles
  - Viewing bot detection model status
  - Viewing the bot detection violations
Fine-tuning & best practices
- Hardening security
- Improving performance
- Improving fault tolerance
- Reducing false positives
- Regular backups
- Downloading logs in RAM before shutdown or reboot
Troubleshooting
- Frequently asked questions
- Tools
- How to troubleshoot
- Solutions by issue type
- Resetting the configuration
- Restoring firmware (“clean install”)
Appendix A: Port numbers
Appendix B: Maximum configuration values
Appendix C: Supported RFCs, W3C, & IEEE standards
Appendix D: Regular expressions
Appendix E: How to purchase and renew FortiGuard licenses

Administration Guide

6.2.4

Download PDF

Copy Doc ID 43701021-33ab-11eb-96b9-00505692583a:511481

Copy Link

API gateway

API gateway provides the following functions:

API user management
API key verification
API access control
Rate limit control
API call rewriting

Previous

Next

API gateway

API gateway provides the following functions:

API user management
API key verification
API access control
Rate limit control
API call rewriting

Previous

Next