Learn client IP addresses

Learning the actual client IP addresses is imperative for authorization. This function identifies the real client IP address when there is a NATing device between the FortiGate and the client.

config web-proxy global
    set learn-client-ip {enable | disable}
    set learn-client-ip-from-header {true-client-ip | x-real-ip | x-forwarded-for}
    set learn-client-ip-srcaddr <address> ... <address>
end

learn-client-ip {enable \| disable}	Enable/disable learning the client's IP address from headers.
learn-client-ip-from-header {true-client-ip \| x-real-ip \| x-forwarded-for}	Learn client IP addresses from the specified headers.
learn-client-ip-srcaddr <address> ... <address>	The source address names.

Example

In this example, the real client IP address is used to match a policy for FSSO au

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Table of Contents

Administration Guide

Learn client IP addresses

Example