Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.2
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiWeb 8.0.2 Administration Guide
    8.0.2
    8.0.4
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    Traffic flow of transparent modes

    Traffic flow of transparent modes

    In True Transparent Proxy (TTP) Mode and Transparent Inspection (TI) Mode, traffic flows from the client to FortiWeb's bridge interface (without changing the destination IP address), where it is inspected before being forwarded to the backend back-end server, which responds directly to the client using its original IP address.

    Client Request:

    • A client sends a request directly to the back-end server’s IP (e.g., 93.184.216.34).

    • The request reaches to FortiWeb’s bridged ports (e.g. Port1/Port2).

    FortiWeb Processing:

    • True Transparent Proxy:

      • FortiWeb transparently proxies traffic arriving on a network port that belongs to a Layer 2 bridge. It terminate the connection, inspects the request, and forwards it to the back-end server.

      • TTP mode is very close to RP mode. It is capable of serving custom return codes and block pages. It also supports the use of more secured TLS 1.3.

      • Back-end server sees the client’s original IP (no NAT).

    • Transparent Inspection:

      • Inspects traffic without terminating the connection. FortiWeb only uses the web server’s certificate to decrypt traffic in order to scan it for policy violations. If there are no violations, it allows the existing encrypted traffic to continue without interruption.

      • When violations are detected, FortiWeb can only reset connections and cannot return any custom block page.

      • Only supports TLS 1.0/1.1/1.2.

    Server Response:

    • The back-end server replies directly to the client’s IP.

    • Response traffic passes through FortiWeb for inspection (if configured).

    Previous
    Next

    Traffic flow of transparent modes

    Traffic flow of transparent modes

    In True Transparent Proxy (TTP) Mode and Transparent Inspection (TI) Mode, traffic flows from the client to FortiWeb's bridge interface (without changing the destination IP address), where it is inspected before being forwarded to the backend back-end server, which responds directly to the client using its original IP address.

    Client Request:

    • A client sends a request directly to the back-end server’s IP (e.g., 93.184.216.34).

    • The request reaches to FortiWeb’s bridged ports (e.g. Port1/Port2).

    FortiWeb Processing:

    • True Transparent Proxy:

      • FortiWeb transparently proxies traffic arriving on a network port that belongs to a Layer 2 bridge. It terminate the connection, inspects the request, and forwards it to the back-end server.

      • TTP mode is very close to RP mode. It is capable of serving custom return codes and block pages. It also supports the use of more secured TLS 1.3.

      • Back-end server sees the client’s original IP (no NAT).

    • Transparent Inspection:

      • Inspects traffic without terminating the connection. FortiWeb only uses the web server’s certificate to decrypt traffic in order to scan it for policy violations. If there are no violations, it allows the existing encrypted traffic to continue without interruption.

      • When violations are detected, FortiWeb can only reset connections and cannot return any custom block page.

      • Only supports TLS 1.0/1.1/1.2.

    Server Response:

    • The back-end server replies directly to the client’s IP.

    • Response traffic passes through FortiWeb for inspection (if configured).

    Previous
    Next