If CDN is enabled, the data on your origin servers will be cached in FortiWeb Cloud scrubbing centers distributed around the world or within a certain continent. When users request data from your application, they can be directed to the nearest scrubbing center and rendered with the requested data. For the list of scrubbing centers, see Restricting direct traffic & allowing FortiWeb Cloud IP addresses.
You can enable CDN when onboarding an application, or set this option in the Application Settings dialog (Global > Applications).
The traffic expenses may increase if you enable CDN.
The following graph shows a typical traffic flow when a user initiates a request to the data stored on your application server. It helps you understand which part of traffic expense increases if CDN is enabled.
- User's request first reaches FortiWeb Cloud scrubbing center for threat detection.
- FortiWeb Cloud sends request to your application server to get the data requested by the user.
- The application server sends response to FortiWeb Cloud.
- FortiWeb Cloud sends response to the user.
Your traffic expense includes the following two parts:
- Expense for traffic flow number 4. That is, the traffic sent from FortiWeb Cloud to your application users.
FortiWeb Cloud charges for this traffic with a fixed rate. It does not change whether CDN is enabled or not.
- Expense for traffic flow number 3. That is, the traffic outbound from your application server to FortiWeb Cloud.
Your Internet Service Provider (ISP) charges you for this part of the expense. The unit price for this traffic might vary depending on whether CDN is enabled or not.
If CDN is not enabled, you will be assigned with a FortiWeb Cloud scrubbing center located in the same region with your application server, or a region closest to your application server.
If CDN is enabled, depending on whether you have selected a specific continent or Global, user requests are directed to the nearest FortiWeb Cloud scrubbing center (either globally or within the specified continent) closest to the user, but it could be far from the places where your application server is located.
So, for traffic flow number 3, the transmission path might be comparatively longer when CDN is enabled. Your ISP probably will charge you with a higher price for the long distance transmission. For example, AWS intra-region data transfer is considerably higher than in-region data transfer (See AWS pricing policy).
- If your application server is deployed on AWS, Azure, OCI, or Google Cloud, you will be charged for the intra-region data transfer if CDN is enabled.
- If your application server is deployed elsewhere, such as in your private on-premise environment, FortiWeb Cloud scrubbing centers located on AWS will process the traffic. Please consult your ISP about the price of data transfer between your application server and FortiWeb Cloud scrubbing center.
Please note that enabling CDN does not always cause the traffic expense to increase. In cases where user request hits the data cached on FortiWeb Cloud, FortiWeb Cloud directly sends response to the user. As there isn't any traffic flow from your application server to FortiWeb Cloud, no expense will incur. By caching data on FortiWeb Cloud, it saves the cost to fetch data from your application sever every time when users request it.
|When CDN is enabled, API Discovery and ML Based Detection must be disabled. This restriction will be lifted in future release.|