Fortinet black logo

Troubleshooting Guide

FAQ

Copy Link
Copy Doc ID e6dc543a-b050-11ec-9fd1-fa163e15d75b:415041
Download PDF

FAQ

Why don't my back-end servers receive the virtual server IP address as the source IP?

When the operation mode is Reverse Proxy, the server pool members receive the IP address of the FortiWeb interface the connection uses. If the back-end servers need to know the IP address of the client where the request originated, configure a X-Forwarded-For rule for the appropriate profile. For details, see "Defining your proxies, clients, & X-headers" in FortiWeb Administration Guide.

Does an FTP server policy handle FTP, FTPS and SFTP traffic?

Until you configure an FTP server policy, FortiWeb will deny all FTP traffic.

You can configure an FTP server policy to handle FTP and FTPS traffic, but SFTP is not supported.

FTPS (also named as FTP-over-SSL) is based on SSL/TLS and actually requires a backend FTP server for the communication. SFTP (SSH File Transfer Protocol) is just a part of SSH. It's more like a file transfer client instead of a server service.

Why does blocking by XFF not work when private IP in XFF?

By default, XFF parsing will ignore private IP. If you do not want to ignore it, please set as follows:

FortiWeb # config waf x-forwarded-for

FortiWeb (x-forwarded-for) # edit test

FortiWeb (test) # set skip-private-original-ip disable

FortiWeb (test) # end

FAQ

Why don't my back-end servers receive the virtual server IP address as the source IP?

When the operation mode is Reverse Proxy, the server pool members receive the IP address of the FortiWeb interface the connection uses. If the back-end servers need to know the IP address of the client where the request originated, configure a X-Forwarded-For rule for the appropriate profile. For details, see "Defining your proxies, clients, & X-headers" in FortiWeb Administration Guide.

Does an FTP server policy handle FTP, FTPS and SFTP traffic?

Until you configure an FTP server policy, FortiWeb will deny all FTP traffic.

You can configure an FTP server policy to handle FTP and FTPS traffic, but SFTP is not supported.

FTPS (also named as FTP-over-SSL) is based on SSL/TLS and actually requires a backend FTP server for the communication. SFTP (SSH File Transfer Protocol) is just a part of SSH. It's more like a file transfer client instead of a server service.

Why does blocking by XFF not work when private IP in XFF?

By default, XFF parsing will ignore private IP. If you do not want to ignore it, please set as follows:

FortiWeb # config waf x-forwarded-for

FortiWeb (x-forwarded-for) # edit test

FortiWeb (test) # set skip-private-original-ip disable

FortiWeb (test) # end