Workflow
Begin with How to set up your FortiWeb for your initial deployment. These instructions guide you to the point where you have a simple working configuration.
Ongoing use is located in subsequent chapters, and includes instructions for processes including:
- Backing up FortiWeb
- Updating FortiWeb
- Configuring optional features
- Adjusting policies if:
- New attack signatures become available
- Requirements change
- Fine-tuning performance
- Periodic web vulnerability scans if required by your compliance regime
- Monitoring for defacement or focused, innovative attack attempts from advanced persistent threats (APTs)
- Monitoring for accidentally blacklisted client IPs
Because policies consolidate many protection components, you should configure policies after you've configured those components.
This figure illustrates the general configuration process:
This figure illustrates the configuration process for setting up DoS protection:
- Configure anti-DoS settings for each type:
- TCP connection floods (Limiting TCP connections per IP address)
- TCP SYN floods (Preventing a TCP SYN flood)
- HTTP floods (Preventing an HTTP request flood)
- HTTP access limits (Limiting the total HTTP request rate from an IP)
- Malicious IPs (TCP connection floods detected by session cookie instead of source IP address, which could be shared by multiple clients; Limiting TCP connections per IP address by session cookie)