Learn client IP addresses

Learning the actual client IP addresses is imperative for authorization. This function identifies the real client IP address when there is a NATing device between the FortiGate and the client.

config web-proxy global
    set learn-client-ip {enable | disable}
    set learn-client-ip-from-header {true-client-ip | x-real-ip | x-forwarded-for}
    set learn-client-ip-srcaddr <address> ... <address>

learn-client-ip {enable | disable}

Enable/disable learning the client's IP address from headers.

learn-client-ip-from-header {true-client-ip | x-real-ip | x-forwarded-for}

Learn client IP addresses from the specified headers.

learn-client-ip-srcaddr <address> ... <address>

The source address names.


In this example, the real client IP address is used to match a policy for FSSO au