Setting the operation mode
Once the FortiWeb appliance is mounted and powered on, you have physically connected the FortiWeb appliance to your overall network, and you have connected to either the FortiWeb appliance’s web UI or CLI, you must configure the operation mode.
You will usually set the operation mode once when setting up FortiWeb. Exceptions include if you install the FortiWeb appliance in Offline Protection mode for evaluation or transition purposes, before deciding to switch to another mode for more feature support in a permanent deployment. See also Switching out of Offline Protection mode.
The physical topology must match the operation mode. For details, see Planning the network topology and How to choose the operation mode. |
FortiWeb models that use Data Plane Development Kit (DPDK) for packet processing can reboot automatically when you change the operation mode to or from Offline Protection. These models include 2000E, 3000E, 3010E, 4000E, 2000F, 3000F, and 4000F.
To configure the operation mode via the web UI
Back up your configuration before changing the operation mode. For details, see Backup & restore. Changing modes deletes any policies not applicable to the new mode, all static routes, V-zone IPs, TCP SYN flood protection settings, and VLANs. You also must re-cable your network topology to suit the operation mode, unless you are switching between the two transparent modes, which have similar network topology requirements. |
- Go to System > Config > Operation.
- From Operation Mode, select one of the following modes:
Alternatively, go to System > Status > Status. In the System Information widget, next to Operation Mode, click Change.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.
- Reverse Proxy
- Offline Protection
- True Transparent Proxy
- Transparent Inspection
- WCCP
For details, see How to choose the operation mode.
To select the WCCP mode, you need first enable it in System > Feature Visibility, otherwise WCCP won't show in the Operation Mode list.
If you are selecting True Transparent Proxy, Transparent Inspection mode, or WCCP, configure the following:
Management IP—Specify the IP address to access the web UI. FortiWeb assigns this management IP address to port1.
Default Gateway—Set to the IP address of the next hop router.
To configure the operation mode via the CLI
Back up your configuration before changing the operation mode. For details, see Backup & restore. Changing modes deletes any policies not applicable to the new mode, all static routes, V-zone IPs, and VLANs. You may also need to re-cable your network topology to suit the operation mode. Exceptions may include switching between the two transparent modes, which have similar network topology requirements. |
- Enter the following commands:
- If you are changing to True Transparent Proxy, Transparent Inspection, or WCCP mode, also enter the following commands:
- If you have not yet adjusted the physical topology to suit the new operation mode, see Planning the network topology. You may also need to reconfigure IP addresses, static routes, bridges, and virtual servers, and enable or disable SSL/TLS on your web servers.
config system settings
set opmode {offline-protection | reverse-proxy | transparent | transparent-inspection | wccp}
end
where {offline-protection | reverse-proxy | transparent | transparent-inspection| wccp}
specifies the operation mode.
config system settings
set gateway <gateway_ipv4>
end
where <gateway_ipv4>
is the IP address of the gateway router. For details, see Adding a gateway.
FortiWeb will use the gateway
setting to create a corresponding static route under config router static
with the first available index number. Packets will egress through port1
, the hard-coded management network interface for the transparent and WCCP operation modes.