Fortinet black logo

FortiWeb Manager Administration Guide

Home FortiWeb 6.2.3 FortiWeb Manager Administration Guide

Setting up the network

6.2.3
7.4.0
7.2.0
7.0.0
6.3.0
6.2.3
Copy Link
Copy Doc ID 7461b3d5-68ec-11ea-9384-00505692583a:832096
Download PDF

Setting up the network

The network settings are used to configure interfaces for the FortiWeb Manager unit. You should also specify what interface that an administrators can use to access the FortiWeb Manager unit. If required, static routes can be configured.

note icon

For the initial network settings after deploying the FortiWeb Manager-VM, you need to log in to CLI to configure the network interface and route. For more information, see the "Configuring access to FortiWeb Manager" section in FortiWeb Manager Deployment Guide.

The default interface for FortiWeb Manager units is port1. It can be used to configure one IP address for the FortiWeb Manager unit, or multiple ports can be configured with multiple IP addresses for improved security.

You can configure administrative access in IPv4 or IPv6, and the allowed access methods include HTTPS, HTTP, PING, SSH.

note icon The HTTP traffic will be automatically redirected to HTTPS.

Configuring the network interfaces

FortiWeb devices can be connected to any of FortiWeb Manager unit's network interfaces (ports). The DNS servers must be on the networks to which the FortiWeb Manager unit connects, and should have two different IP addresses.

FortiWeb Manager supports the following ports by default. You can edit ports settings, but you cannot add more ports.

Network Interface* IPv4 Address/Netmask IPv6 Address/Netmask
port1 192.168.1.99/24 ::/0
port2 0.0.0.0/0 ::/0
port3 0.0.0.0/0 ::/0
port4 0.0.0.0/0 ::/0

To configure the interface:

  1. Go to System Settings > Network > Interface.
  2. Select the port1 row.
  3. Click Edit.
    The Edit Interface dialog appears. Name displays the name and media access control (MAC) address of this network interface. The network interface is directly associated with one physical link as indicated by its name, such as port1 by default.
  4. Configure these settings:

    IPv4 Addressing mode Specify whether FortiWeb Manager acquires an IPv4 address for this network interface manually or using DHCP to allow DHCP server to automatically assign IP address.
    IPv4/Netmask Type the IP address and subnet mask, separated by a forward slash ( / ), such as 192.0.2.2/24 for an IPv4 address.

    The IP address must be on the same subnet as the network to which the interface connects. Two network interfaces cannot have IP addresses on the same subnet.

    By default, the system enables HTTPS, HTTP, PING and SSH methods.
    IPv6 Addressing mode Specify whether FortiWeb Manager acquires an IPv6 address for this network interface manually or using DHCP to allow DHCP server to automatically assign IP address.
    IPv6/Netmask Type the IP address and subnet mask, separated by a forward slash ( / ), 2001:0db8:85a3:::8a2e:0370:7334/64 for an IPv6 address.

    The IP address must be on the same subnet as the network to which the interface connects. Two network interfaces cannot have IP addresses on the same subnet.

    By default, the system enables HTTPS, HTTP, PING and SSH methods.
    Description Type a comment. The maximum length is 63 characters.

    Optional.
    5. tooltip icon

    You can also configure the network interface through CLI: Set interface <PORT> (ip|ip6) <IPADDRESS/LENGTH>
  5. Click OK.

Configuring routes

The Route options allow you to configure a gateway for FortiWeb Manager.

Routes direct traffic exiting FortiWeb Manager based on the packet’s destination — you can specify through which network interface a packet leaves and the IP address of the next-hop router that is reachable from that network interface. Routers are aware of which IP addresses are reachable through various network pathways and can forward those packets along pathways capable of reaching the packets’ ultimate destinations. Your FortiWeb Manager itself does not need to know the full route, as long as the routers can pass along the packet.

You must configure at least one route that points to a router, often a router that is the gateway to the Internet. You can configure multiple static routes if you have multiple gateway routers (for example, each router receives packets destined for a different subset of IP addresses), redundant routers (for example, redundant Internet/ISP links), or other special routing cases.

However, in most cases, you configure only one route: a default route.

To add a route, go to System Settings > Network > Route, and then click Create

Setting name Description
Destination IP/Mask (IPv4/IPv6) Enter the destination IP address and network mask of packets that use this static route, separated by a slash ( / ).

Enter 0.0.0.0/0.0.0.0 , 0.0.0.0/0or ::/0 to create a default route that matches the DST field in the IP header of all packets.
Gateway (IPv4/IPv6)

Enter the IP address of the next-hop router to which FortiWeb Manager forwards packets that match Destination IP/Mask (IPv4/IPv6). Ensure that this router knows how to route packets to the destination IP addresses or forward packets to another router with this information.

For a direct Internet connection, this is the router that forwards traffic towards the Internet, and could belong to your ISP.
Interface

Select the network interface through which FortiWeb Manager routes the packets that match Destination IP/Mask (IPv4/IPv6) to the next-hop router.


tooltip icon

You can also configure the route through CLI: set route <DST/LENGTH> gw <GATEWAY> device <DEVICE>


Configuring DNS

Like many other types of network devices, FortiWeb appliances require connectivity to DNS servers for DNS lookups.

Your Internet service provider (ISP) may supply IP addresses of DNS servers, or you may want to use the IP addresses of your own DNS servers. You must provide unicast, non-local addresses for your DNS servers. Local host and broadcast addresses will not be accepted.

To configure DNS settings:

  1. Go to System Settings > Network > DNS.
  2. In Primary DNS Server, type the IP address of the primary DNS server.
  3. In Secondary DNS Server, type the IP address of the secondary DNS server.
Previous
Next

Setting up the network

The network settings are used to configure interfaces for the FortiWeb Manager unit. You should also specify what interface that an administrators can use to access the FortiWeb Manager unit. If required, static routes can be configured.

note icon

For the initial network settings after deploying the FortiWeb Manager-VM, you need to log in to CLI to configure the network interface and route. For more information, see the "Configuring access to FortiWeb Manager" section in FortiWeb Manager Deployment Guide.

The default interface for FortiWeb Manager units is port1. It can be used to configure one IP address for the FortiWeb Manager unit, or multiple ports can be configured with multiple IP addresses for improved security.

You can configure administrative access in IPv4 or IPv6, and the allowed access methods include HTTPS, HTTP, PING, SSH.

note icon The HTTP traffic will be automatically redirected to HTTPS.

Configuring the network interfaces

FortiWeb devices can be connected to any of FortiWeb Manager unit's network interfaces (ports). The DNS servers must be on the networks to which the FortiWeb Manager unit connects, and should have two different IP addresses.

FortiWeb Manager supports the following ports by default. You can edit ports settings, but you cannot add more ports.

Network Interface* IPv4 Address/Netmask IPv6 Address/Netmask
port1 192.168.1.99/24 ::/0
port2 0.0.0.0/0 ::/0
port3 0.0.0.0/0 ::/0
port4 0.0.0.0/0 ::/0

To configure the interface:

  1. Go to System Settings > Network > Interface.
  2. Select the port1 row.
  3. Click Edit.
    The Edit Interface dialog appears. Name displays the name and media access control (MAC) address of this network interface. The network interface is directly associated with one physical link as indicated by its name, such as port1 by default.
  4. Configure these settings:

    IPv4 Addressing mode Specify whether FortiWeb Manager acquires an IPv4 address for this network interface manually or using DHCP to allow DHCP server to automatically assign IP address.
    IPv4/Netmask Type the IP address and subnet mask, separated by a forward slash ( / ), such as 192.0.2.2/24 for an IPv4 address.

    The IP address must be on the same subnet as the network to which the interface connects. Two network interfaces cannot have IP addresses on the same subnet.

    By default, the system enables HTTPS, HTTP, PING and SSH methods.
    IPv6 Addressing mode Specify whether FortiWeb Manager acquires an IPv6 address for this network interface manually or using DHCP to allow DHCP server to automatically assign IP address.
    IPv6/Netmask Type the IP address and subnet mask, separated by a forward slash ( / ), 2001:0db8:85a3:::8a2e:0370:7334/64 for an IPv6 address.

    The IP address must be on the same subnet as the network to which the interface connects. Two network interfaces cannot have IP addresses on the same subnet.

    By default, the system enables HTTPS, HTTP, PING and SSH methods.
    Description Type a comment. The maximum length is 63 characters.

    Optional.
    5. tooltip icon

    You can also configure the network interface through CLI: Set interface <PORT> (ip|ip6) <IPADDRESS/LENGTH>
  5. Click OK.

Configuring routes

The Route options allow you to configure a gateway for FortiWeb Manager.

Routes direct traffic exiting FortiWeb Manager based on the packet’s destination — you can specify through which network interface a packet leaves and the IP address of the next-hop router that is reachable from that network interface. Routers are aware of which IP addresses are reachable through various network pathways and can forward those packets along pathways capable of reaching the packets’ ultimate destinations. Your FortiWeb Manager itself does not need to know the full route, as long as the routers can pass along the packet.

You must configure at least one route that points to a router, often a router that is the gateway to the Internet. You can configure multiple static routes if you have multiple gateway routers (for example, each router receives packets destined for a different subset of IP addresses), redundant routers (for example, redundant Internet/ISP links), or other special routing cases.

However, in most cases, you configure only one route: a default route.

To add a route, go to System Settings > Network > Route, and then click Create

Setting name Description
Destination IP/Mask (IPv4/IPv6) Enter the destination IP address and network mask of packets that use this static route, separated by a slash ( / ).

Enter 0.0.0.0/0.0.0.0 , 0.0.0.0/0or ::/0 to create a default route that matches the DST field in the IP header of all packets.
Gateway (IPv4/IPv6)

Enter the IP address of the next-hop router to which FortiWeb Manager forwards packets that match Destination IP/Mask (IPv4/IPv6). Ensure that this router knows how to route packets to the destination IP addresses or forward packets to another router with this information.

For a direct Internet connection, this is the router that forwards traffic towards the Internet, and could belong to your ISP.
Interface

Select the network interface through which FortiWeb Manager routes the packets that match Destination IP/Mask (IPv4/IPv6) to the next-hop router.


tooltip icon

You can also configure the route through CLI: set route <DST/LENGTH> gw <GATEWAY> device <DEVICE>


Configuring DNS

Like many other types of network devices, FortiWeb appliances require connectivity to DNS servers for DNS lookups.

Your Internet service provider (ISP) may supply IP addresses of DNS servers, or you may want to use the IP addresses of your own DNS servers. You must provide unicast, non-local addresses for your DNS servers. Local host and broadcast addresses will not be accepted.

To configure DNS settings:

  1. Go to System Settings > Network > DNS.
  2. In Primary DNS Server, type the IP address of the primary DNS server.
  3. In Secondary DNS Server, type the IP address of the secondary DNS server.
Previous
Next