Learn client IP addresses
Learning the actual client IP addresses is imperative for authorization. This function identifies the real client IP address when there is a NATing device between the FortiGate and the client.
config web-proxy global set learn-client-ip {enable | disable} set learn-client-ip-from-header {true-client-ip | x-real-ip | x-forwarded-for} set learn-client-ip-srcaddr <address> ... <address> end
learn-client-ip {enable | disable} |
Enable/disable learning the client's IP address from headers. |
learn-client-ip-from-header {true-client-ip | x-real-ip | x-forwarded-for} |
Learn client IP addresses from the specified headers. |
learn-client-ip-srcaddr <address> ... <address> |
The source address names. |
Example
In this example, the real client IP address is used to match a policy for FSSO au