Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiWeb 8.0.1 Administration Guide
    8.0.1
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    Summary

    Summary

    Here’s a summary table of FortiWeb’s operation modes with their features and differences.

    Reverse Proxy

    WCCP Mode

    True Transparent Proxy (TTP)

    Transparent Inspection (TI)

    Offline Protection
    Traffic Flow

    Client

    FortiWeb

    Server

    Client

    Firewall

    FortiWeb

    Server

    Client

    FortiWeb (bridged ports)

    Server

    Client

    FortiWeb (bridged ports)

    Server

    Client

    Server (traffic mirrored to FortiWeb)
    Network Changes Requires DNS updates to point to FortiWeb’s VIP No DNS/IP changes No DNS/IP changes No DNS/IP changes No DNS/IP changes

    SSL/TLS Proxy

    Yes

    No

    No

    No

    No
    SSL ciphers TLS 1.0/1.1/1.2/1.3 TLS 1.0/1.1/1.2/1.3 TLS 1.0/1.1/1.2/1.3 TLS 1.0/1.1/1.2 TLS 1.0/1.1/1.2
    Client IP Preservation Client IP passed via headers (e.g., X-Forwarded-For); server sees FortiWeb IP Client IP passed via headers (e.g., X-Forwarded-For); server sees FortiWeb IP Server sees client’s real IP Server sees client’s real IP Server sees client’s real IP
    Real-Time Blocking Full blocking capabilities Full blocking capabilities Full blocking capabilities Only reset connections and cannot return any custom block page Delayed blocking via RST packets (often ineffective)
    Security Features Full suite (signatures, ML, request/response modification, etc.) Full suite except ML based API Protection Full suite (signatures, ML, request/response modification, etc.) Limited Monitoring and alerts only
    HA Support Active-Passive, Active-Active (Standard/High Volume) Active-Passive only Active-Passive, Standard Active-Active Active-Passive only Active-Passive only

    Use Cases

    Full protection, SSL offloading, load balancing

    Integration with existing firewalls/routers

    Transparent deployment with client IP preservation

    Passive inspection in rigid network environments

    Monitoring-only scenarios

    Pros

    - Full security features

    - Hides server IP

    - Supports load balancing/caching

    - No DNS changes

    - Scalable via WCCP groups

    - Transparent deployment

    - Client IP preserved

    - Supports traffic modification

    - Transparent deployment

    - Low latency

    - No DNS changes

    - Zero traffic impact

    Cons

    - Requires DNS changes

    - HA required for redundancy

    - Complex configuration

    - Relies on WCCP devices

    - No Layer 3 features (e.g., load balancing)

    - Complex bridge setup

    - Limited security features

    - No TLS 1.3 support

    - No real-time blocking

    - TCP-only support

    Previous
    Next

    Summary

    Summary

    Here’s a summary table of FortiWeb’s operation modes with their features and differences.

    Reverse Proxy

    WCCP Mode

    True Transparent Proxy (TTP)

    Transparent Inspection (TI)

    Offline Protection
    Traffic Flow

    Client

    FortiWeb

    Server

    Client

    Firewall

    FortiWeb

    Server

    Client

    FortiWeb (bridged ports)

    Server

    Client

    FortiWeb (bridged ports)

    Server

    Client

    Server (traffic mirrored to FortiWeb)
    Network Changes Requires DNS updates to point to FortiWeb’s VIP No DNS/IP changes No DNS/IP changes No DNS/IP changes No DNS/IP changes

    SSL/TLS Proxy

    Yes

    No

    No

    No

    No
    SSL ciphers TLS 1.0/1.1/1.2/1.3 TLS 1.0/1.1/1.2/1.3 TLS 1.0/1.1/1.2/1.3 TLS 1.0/1.1/1.2 TLS 1.0/1.1/1.2
    Client IP Preservation Client IP passed via headers (e.g., X-Forwarded-For); server sees FortiWeb IP Client IP passed via headers (e.g., X-Forwarded-For); server sees FortiWeb IP Server sees client’s real IP Server sees client’s real IP Server sees client’s real IP
    Real-Time Blocking Full blocking capabilities Full blocking capabilities Full blocking capabilities Only reset connections and cannot return any custom block page Delayed blocking via RST packets (often ineffective)
    Security Features Full suite (signatures, ML, request/response modification, etc.) Full suite except ML based API Protection Full suite (signatures, ML, request/response modification, etc.) Limited Monitoring and alerts only
    HA Support Active-Passive, Active-Active (Standard/High Volume) Active-Passive only Active-Passive, Standard Active-Active Active-Passive only Active-Passive only

    Use Cases

    Full protection, SSL offloading, load balancing

    Integration with existing firewalls/routers

    Transparent deployment with client IP preservation

    Passive inspection in rigid network environments

    Monitoring-only scenarios

    Pros

    - Full security features

    - Hides server IP

    - Supports load balancing/caching

    - No DNS changes

    - Scalable via WCCP groups

    - Transparent deployment

    - Client IP preserved

    - Supports traffic modification

    - Transparent deployment

    - Low latency

    - No DNS changes

    - Zero traffic impact

    Cons

    - Requires DNS changes

    - HA required for redundancy

    - Complex configuration

    - Relies on WCCP devices

    - No Layer 3 features (e.g., load balancing)

    - Complex bridge setup

    - Limited security features

    - No TLS 1.3 support

    - No real-time blocking

    - TCP-only support

    Previous
    Next