Forwarding non-HTTP/HTTPS traffic
FAQ
Why is FortiWeb not forwarding non-HTTP traffic (for example, RDP, FTP) to back-end servers even though set ip-forward is enabled?
The config router setting command allows you to change how FortiWeb handles non-HTTP/HTTPS traffic when it is operating in Reverse Proxy mode.
When the setting ip-forward is enabled, for any non-HTTP/HTTPS traffic with a destination other than a FortiWeb virtual server (for example, a back-end server), FortiWeb acts as a router and forwards it based in its destination address.
However, any non-HTTP/HTTPS traffic destined for a virtual server on the appliance is dropped.
Therefore, if you require clients need to reach a back-end server using FTP or another non-HTTP/HTTPS protocol, ensure the client uses the back-end server's IP address.
For more detailed information about this setting and a configuration that avoids this problem, see the “Router setting” topic in the FortiWeb CLI Reference:
HTTPS://docs.fortinet.com/product/fortiweb/
How to forward non-HTTP/HTTPS traffic
If FortiWeb is operating in Reverse Proxy mode, by default, it does not forward non HTTP/HTTPS protocols to protected servers.
However, you can use the following command to enable IP-based forwarding (routing):
config router setting
set ip-forward {enable | disable}
end