Administration Guide

Introduction
What's new
Key concepts
- Workflow
- Sequence of scans
- IPv6 support
- Solutions for specific web attacks
- HTTP/2 support
- HTTP sessions & security
- FortiWeb high availability (HA)
- Administrative domains (ADOMs)
- How to use the web UI
- Shutdown
How to set up your FortiWeb
- Appliance vs. VMware
- Registering your FortiWeb
- Planning the network topology
- Connecting to the web UI or CLI
- Updating the firmware
- Changing the “admin” account password
- Setting the system time & date
- Setting the operation mode
- Feature visibility
- Configuring High Availability (HA) basic settings
  - HA heartbeat & active node election
  - Synchronization
- Replicating the configuration without FortiWeb HA (external HA)
- Configuring the network settings
- Configuring DNS settings
- Configuring HA settings specifically for active-passive and standard active-active modes
- Configuring HA settings specifically for high volume active-active mode
- Defining your web servers & load balancers
  - Protected web servers vs. allowed/protected host names
  - Defining your protected/allowed HTTP “Host:” header names
  - Defining your web servers
  - Defining your proxies, clients, & X-headers
  - Defining your network services
  - Configuring virtual servers on your FortiWeb
  - Enabling or disabling traffic forwarding to your servers
- Configuring FortiWeb to receive traffic via WCCP
- Configuring basic policies
- Testing your installation
- Switching out of Offline Protection mode
Policies
- How operation mode affects server policy behavior
- Configuring the global object white list
- Configuring a protection profile for inline topologies
- Generating a protection profile using scanner reports
- Configuring a protection profile for an out-of-band topology or asynchronous mode of operation
- Configuring client management
- Configuring an HTTP server policy
- Configuring traffic mirror
- ADFS Proxy
- Configuring FTP security
Secure connections (SSL/TLS)
- Offloading vs. inspection
- Supported cipher suites & protocol versions
- Uploading trusted CA certificates
- How to offload or inspect HTTPS
- Forcing clients to use HTTPS
- HTTP Public Key Pinning
- How to apply PKI client authentication (personal certificates)
- Seamless PKI integration
- Revoking certificates
- How to export/back up certificates & private keys
- How to change FortiWeb's default certificate
- Configuring OCSP stapling
Users
- Authentication styles
- Offloading HTTP authentication & authorization
- Site Publishing (Single sign-on)
- Using Kerberos authentication delegation
- Offloaded authentication and optional SSO configuration
- To create an Active Directory (AD) user for FortiWeb
- Example: Enforcing complex passwords
- Tracking users
Application delivery
- Rewriting & redirecting
- Compression
- Caching
  - What can be cached?
- Acceleration
Web protection
- Blocking known attacks
- Advanced protection
- Cookie security
- Input validation
- Protocol constraints
  - HTTP/HTTPS protocol constraints
  - WebSocket Protocol
- Access control
  - Restricting access to specific URLs
  - Cross-Origin Resource Sharing (CORS) protection
- Anti-defacement
Bot mitigation
- Configuring threshold based detection
- Configuring biometrics based detection
- Configuring bot deception
- Configuring known bots
- Configuring bot mitigation policy
Protection for APIs
- Configuring JSON protection
- Configuring XML protection
- OpenAPI Validation
- Configuring mobile API protection
- API gateway
DoS protection
- DoS prevention
- Preventing slow and low attacks
IP Protection
- IP List - Blocklisting & whitelisting clients using a source IP or source IP range
- GEO IP - Blocklisting & whitelisting countries & regions
- IP Reputation - Blocklisting source IPs with poor reputation
Machine learning
- Enabling machine learning policy
- Configuring anomaly detection policy
- Configuring bot detection policy
  - Viewing bot detection model status
  - Viewing the bot detection violations
Compliance
- Authorization
- Preventing data leaks
- Vulnerability scans
Administrators
- Configuring access profiles
- Grouping remote authentication queries and certificates for administrators
- Changing an administrator’s password
- Certificate-based Web UI login
Advanced/optional system settings
- Changing the FortiWeb appliance’s host name
- Fail-to-wire for power loss/reboots
- Customizing error and authentication pages (replacement messages)
- Configuring the integrated firewall
  - Network address translation (NAT)
- Advanced settings
- Backup & restore
FortiView
- Topology
- Security
- Traffic
- Sessions
Monitoring your system
- Status dashboard
- Policy Status dashboard
- RAID level & disk statuses
- Logging
- Alert email
- SNMP traps & queries
- Reports
- Debug log
- Monitoring currently blocked IPs
- Monitoring currently tracked clients
- FortiGuard updates
- Vulnerability scans
Fine-tuning & best practices
- Hardening security
- Improving performance
- Improving fault tolerance
- Reducing false positives
- Regular backups
- Downloading logs in RAM before shutdown or reboot
Troubleshooting
- Frequently asked questions
- Tools
- How to troubleshoot
- Solutions by issue type
- Resetting the configuration
- Restoring firmware (“clean install”)
Appendix A: Port numbers
Appendix B: Maximum configuration values
Appendix C: Supported RFCs, W3C, & IEEE standards
Appendix D: Regular expressions
Appendix E: How to purchase and renew FortiGuard licenses

Home FortiWeb 6.3.18 Administration Guide

6.3.18

Supported cipher suites & protocol versions

How secure is an HTTPS connection?

There are physical considerations, such as restricting access to private keys and decrypted traffic. Another part is the encryption. For details, see Offloading vs. inspection.

A secure connection’s protocol version and cipher suite, including encryption bit strength and encryption algorithms, is negotiated between the client and the SSL/TLS terminator during the handshake.

The FortiWeb operation mode determines which device is the SSL terminator. It is either:

The FortiWeb (if doing SSL offloading)
The web server (if FortiWeb is doing only SSL inspection)

When FortiWeb is the SSL terminator, FortiWeb controls which ciphers are allowed. For details, see SSL offloading cipher suites and protocols (Reverse Proxy and True Transparent Proxy).

When the web server is the terminator, it controls which ciphers are allowed. If it selects a cipher that FortiWeb does not support, FortiWeb cannot perform the SSL inspection task. For details, see SSL inspection cipher suites and protocols (offline and Transparent Inspection).

SSL offloading cipher suites and protocols (Reverse Proxy and True Transparent Proxy)

If you have configured SSL offloading for your FortiWeb operating in Reverse Proxy mode, you can specify which protocols a server policy allows and whether the set of cipher suites it supports is medium-level security, high-level security or a customized set. For details, see Configuring an HTTP server policy.

In True Transparent Proxy mode, you can specify these same advanced SSL settings to configure offloading for a server pool member. For details, see Creating an HTTP server pool.

Selecting the supported cipher suites using the advanced SSL settings

The SSL/TLS encryption level in the advanced SSL settings provides the following options:

High—Supports the ciphers listed in High/medium SSL/TLS encryption levels.
Medium—Supports all ciphers supported by the high encryption level, plus the additional ciphers listed in the table Medium-only SSL/TLS encryption levels.
Customized—Allows you to select the ciphers that the policy supports.

High/medium SSL/TLS encryption levels

Cipher	TLS 1.3	TLS 1.2	TLS 1.0, 1.1
AES_256_GCM_SHA384	Yes
CHACHA20_POLY1305_SHA256	Yes
AES_128_GCM_SHA256	Yes
ECDHE-RSA-AES256-GCM-SHA384		Yes
DHE-RSA-AES256-GCM-SHA384		Yes
ECDHE-RSA-CHACHA20-POLY1305		Yes
DHE-RSA-CHACHA20-POLY1305		Yes
DHE-RSA-AES256-CCM8		Yes
DHE-RSA-AES256-CCM		Yes
ECDHE-RSA-AES128-GCM-SHA256		Yes
DHE-RSA-AES128-GCM-SHA256		Yes
DHE-RSA-AES128-CCM8		Yes
DHE-RSA-AES128-CCM		Yes
ECDHE-RSA-AES256-SHA384		Yes
DHE-RSA-AES256-SHA256		Yes
ECDHE-RSA-CAMELLIA256-SHA384		Yes
DHE-RSA-CAMELLIA256-SHA256		Yes
ECDHE-RSA-AES128-SHA256		Yes
DHE-RSA-AES128-SHA256		Yes
ECDHE-RSA-CAMELLIA128-SHA256		Yes
DHE-RSA-CAMELLIA128-SHA256		Yes
DHE-RSA-CAMELLIA128-SHA		Yes	Yes
ECDHE-RSA-AES256-SHA		Yes	Yes
DHE-RSA-AES256-SHA		Yes	Yes
DHE-RSA-CAMELLIA256-SHA		Yes	Yes
ECDHE-RSA-AES128-SHA		Yes	Yes
DHE-RSA-AES128-SHA		Yes	Yes
AES256-GCM-SHA384		Yes
AES256-CCM8		Yes
AES256-CCM		Yes
AES128-GCM-SHA256		Yes
AES128-CCM8		Yes
AES128-CCM		Yes
AES256-SHA256		Yes
CAMELLIA256-SHA256		Yes
CAMELLIA256-SHA		Yes	Yes
CAMELLIA128-SHA		Yes	Yes
AES128-SHA256		Yes
CAMELLIA128-SHA256		Yes
AES256-SHA		Yes	Yes
AES128-SHA		Yes	Yes
ECDHE-ECDSA-AES256-GCM-SHA384		Yes
ECDHE-ECDSA-CHACHA20-POLY1305		Yes
ECDHE-ECDSA-AES256-CCM8		Yes
ECDHE-ECDSA-AES256-CCM		Yes
ECDHE-ECDSA-AES128-GCM-SHA256		Yes
ECDHE-ECDSA-AES128-CCM8		Yes
ECDHE-ECDSA-AES128-CCM		Yes
ECDHE-ECDSA-AES256-SHA384		Yes
ECDHE-ECDSA-CAMELLIA256-SHA384		Yes
ECDHE-ECDSA-AES128-SHA256		Yes
ECDHE-ECDSA-CAMELLIA128-SHA256		Yes
ECDHE-ECDSA-AES256-SHA		Yes	Yes
ECDHE-ECDSA-AES128-SHA		Yes	Yes
DHE-DSS-AES256-GCM-SHA384		Yes
DHE-DSS-AES128-GCM-SHA256		Yes
DHE-DSS-AES256-SHA256		Yes
DHE-DSS-CAMELLIA256-SHA256		Yes
DHE-DSS-AES128-SHA256		Yes
DHE-DSS-CAMELLIA128-SHA256		Yes
DHE-DSS-CAMELLIA128-SHA		Yes
DHE-DSS-AES256-SHA		Yes	Yes
DHE-DSS-CAMELLIA256-SHA		Yes	Yes
DHE-DSS-AES128-SHA		Yes	Yes
ECDHE-ARIA128-GCM-SHA256		Yes
DHE-RSA-ARIA128-GCM-SHA256		Yes
DHE-RSA-ARIA256-GCM-SHA384		Yes
ECDHE-ARIA256-GCM-SHA384		Yes
ARIA256-GCM-SHA384		Yes
ARIA128-GCM-SHA256		Yes
ECDHE-ECDSA-ARIA256-GCM-SHA384		Yes
ECDHE-ECDSA-ARIA128-GCM-SHA256		Yes
DHE-DSS-ARIA256-GCM-SHA384		Yes
DHE-DSS-ARIA128-GCM-SHA256		Yes

Medium-only SSL/TLS encryption levels

Cipher	TLS 1.2	TLS 1.0, 1.1
DHE-RSA-SEED-SHA	Yes	Yes
DHE-DSS-SEED-SHA	Yes	Yes
IDEA-CBC-SHA		Yes
SEED-SHA	Yes	Yes
DHE-DSS-SEED-SHA	Yes	Yes
IDEA-CBC-SHA	Yes	Yes
SEED-SHA	Yes	Yes

Generally speaking, for security reasons, SHA-1 is preferable, although you may not be able to use it for client compatibility reasons. Avoid using:

Older hash algorithms, such as MD5. To disable MD5, for SSL/TLS encryption level, select High.
Encryption bit strengths less than 128
Older styles of renegotiation (These are vulnerable to Man-in-the-Middle (MITM) attacks.)
Client-initiated renegotiation. Configure Configuring an HTTP server policy.

Customized-only SSL/TLS encryption levels

Cipher	TLS 1.3	TLS 1.2	TLS 1.0, 1.1
AES_128_CCM_SHA256	Yes
AES_128_CCM_8_SHA256	Yes
ECDHE_RSA_DES_CBC3_SHA		Yes	Yes
DES_CBC3_SHA		Yes	Yes

SSL inspection cipher suites and protocols (offline and Transparent Inspection)

In Transparent Inspection and Offline Protection modes, if the client and server communicate using a cipher that FortiWeb does not support, FortiWeb cannot perform the SSL inspection task.

If you are not sure which cipher suites your web server supports, you can use a client-side tool to test. For details, see Checking the SSL/TLS handshake & encryption.

Supported ciphers for offline and Transparent Inspection

Cipher	TLS 1.2	TLS 1.0, 1.1
AES128-SHA	Yes	Yes
AES256-SHA	Yes	Yes
AES128-SHA256	Yes
AES256-SHA256	Yes
AES256-GCM-SHA384	Yes
AES128-GCM-SHA256	Yes
CAMELLIA256-SHA	Yes	Yes
SEED-SHA	Yes	Yes

In offline and Transparent Inspection mode, FortiWeb does not support Ephemeral Diffie-Hellman key exchanges, which may be accepted by clients such as Google Chrome.