Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiWeb-VM on Open Xen

    Home FortiWeb Private Cloud FortiWeb-VM on Open Xen

    Bridging to one of the Xen server’s physical network interfaces

    Bridging to one of the Xen server’s physical network interfaces

    If you have not yet installed the network bridge utilities required by Xen in order to bridge virtual machines’ vNICs to the hypervisor’s network connection, you must do that by installing the bridge network utilities and then editing the network interface configuration.

    sudo apt-get install bridge-utils

    sudo nano /etc/network/interfaces

    When editing the network interface configuration, usually you should bind the bridge (in the vif example in Deploying via Virtual Machine Manager or Deploying via dom0 command line, the bridge is xenbr0) to one of your network interfaces (e.g. eth0) in /etc/network/interfaces. Depending on the number of physical interfaces on the server and how you will map them to vNetworks, you may need to create multiple bridges.

    The following table provides an example of how vNICs could be mapped to the physical network ports on a server with two physical NICs for a FortiWeb operating in reverse proxy mode.

    Example: Network mapping for Reverse Proxy mode
    Xen Project FortiWeb-VM
    Physical Network Adapter Network Mapping (vSwitch Port Group) Virtual Network Adapter for FortiWeb-VM Network Interface Name in Web UI/CLI
    eth0 xenbr0 Management port1
    eth1 External port2
    Internal port3
    External port4

    Below is a configuration example assuming the server has only one physical NIC, eth0:

    auto lo

    iface lo inet loopback

    auto eth0

    iface eth0 inet manual

    auto xenbr0

    iface xenbr0 inet static

    address 192.0.2.10

    netmask 255.255.255.0

    gateway 192.0.2.1

    #Enable line below for vSwitch with FortiWeb transparent mode

    #allow-hotplug xenbr0

    Previous
    Next

    Bridging to one of the Xen server’s physical network interfaces

    Bridging to one of the Xen server’s physical network interfaces

    If you have not yet installed the network bridge utilities required by Xen in order to bridge virtual machines’ vNICs to the hypervisor’s network connection, you must do that by installing the bridge network utilities and then editing the network interface configuration.

    sudo apt-get install bridge-utils

    sudo nano /etc/network/interfaces

    When editing the network interface configuration, usually you should bind the bridge (in the vif example in Deploying via Virtual Machine Manager or Deploying via dom0 command line, the bridge is xenbr0) to one of your network interfaces (e.g. eth0) in /etc/network/interfaces. Depending on the number of physical interfaces on the server and how you will map them to vNetworks, you may need to create multiple bridges.

    The following table provides an example of how vNICs could be mapped to the physical network ports on a server with two physical NICs for a FortiWeb operating in reverse proxy mode.

    Example: Network mapping for Reverse Proxy mode
    Xen Project FortiWeb-VM
    Physical Network Adapter Network Mapping (vSwitch Port Group) Virtual Network Adapter for FortiWeb-VM Network Interface Name in Web UI/CLI
    eth0 xenbr0 Management port1
    eth1 External port2
    Internal port3
    External port4

    Below is a configuration example assuming the server has only one physical NIC, eth0:

    auto lo

    iface lo inet loopback

    auto eth0

    iface eth0 inet manual

    auto xenbr0

    iface xenbr0 inet static

    address 192.0.2.10

    netmask 255.255.255.0

    gateway 192.0.2.1

    #Enable line below for vSwitch with FortiWeb transparent mode

    #allow-hotplug xenbr0

    Previous
    Next