Application Delivery Controller

Expand all | Collapse all

Reflection of Client IP on Fortiweb WAF

  Thread closed by the administrator, not accepting new replies.
  • 1.  Reflection of Client IP on Fortiweb WAF

    Posted Dec 14, 2020 08:13 AM
    No replies, thread closed.
    I have a Fortiweb WAF in my environment that routes traffic to my Apps. But my app only sees the IP of the WAF. How can i set up the WAF so that my apps can see the clients IPs.

    Thank you.


  • 2.  RE: Reflection of Client IP on Fortiweb WAF

    Posted Dec 14, 2020 08:22 AM
    No replies, thread closed.
    Hi Khalid,

    You need to enable "Client Real IP" on your Server Policy.


  • 3.  RE: Reflection of Client IP on Fortiweb WAF

     
    Posted Dec 14, 2020 08:26 AM
    No replies, thread closed.
    Hi Kalid,

    If your WAF is not inline, or return path routing doesn't go through FortiWeb, you could also forward the client IP-address per X-Forwarded-For header.
    Most applications can use XFF-header for policy or logging purposes.

    Regards,
    Ferry




  • 4.  RE: Reflection of Client IP on Fortiweb WAF

    Posted Dec 16, 2020 03:48 AM
    No replies, thread closed.
    Hi Ferry,

    I have tried this but didnt work. but will try it again, maybe I missed something.

    Thank you.


  • 5.  RE: Reflection of Client IP on Fortiweb WAF

    Posted Dec 14, 2020 08:27 AM
    No replies, thread closed.
    Hi Rafael,

    Thank you for your response. Does the policy exists on the WAF or the server itself.


  • 6.  RE: Reflection of Client IP on Fortiweb WAF

    Posted Dec 14, 2020 08:31 AM
    No replies, thread closed.
    Server Policy is on FWB configuration (Reverse Proxy Mode). Backend server must point their DFGW to the FWB. Can you share your network diagram?

    ------------------------------
    Best Regards
    Rafael LEHMANI
    CSE INTL
    ------------------------------



  • 7.  RE: Reflection of Client IP on Fortiweb WAF

    Posted Dec 16, 2020 03:44 AM
      |   view attached
    No replies, thread closed.
    Hi Rafael,

    Please see the attached network diagram, its a simple client-server kind of setup but with a WAF in between.

    I just need the WAF to be able pass the User IP to the Load Balancer, instead of the WAF IP.

    Thank you.


  • 8.  RE: Reflection of Client IP on Fortiweb WAF

    Posted Dec 16, 2020 03:55 AM
    No replies, thread closed.

    Ok Khalid.
    As I said previously, you just need to enable ""Client Real IP" on the Server Policy.
    Did you try it?
    BR

    Rafael



    ------------------------------
    Best Regards
    Rafael LEHMANI
    CSE INTL
    ------------------------------



  • 9.  RE: Reflection of Client IP on Fortiweb WAF

    Posted Dec 16, 2020 04:01 AM
    No replies, thread closed.
    In case you also need to track source IPs from webapp, you do need to  add an XFF policy on FWB and on LB that track AND add source IP/Proxy IP.
    Can you share FWB and LB configs?

    ------------------------------
    Best Regards
    Rafael LEHMANI
    CSE INTL
    ------------------------------