Documentation

Feature documentations

These documents includes Administration Guide, CLI Reference, Deployment Guide, etc., focusing on detailed explanations of FortiWeb’s configuration parameters, helping you understand and implement its features accurately.

• FortiWeb Administration Guide

• FortiWeb CLI Reference

• FortiWeb Release Notes

• Script Reference Guide

• FortiWeb Log Message Reference

• Troubleshooting Guide

• Deploying FortiWeb-VM on public cloud platforms

• Deploying FortiWeb-VM on private cloud platforms

• Ingress Controller Release Notes

• Ingress Controller Installation Guide

• Ingress Controller Kubernetes Installation Guide

• Ingress Controller Openshift Installation Guide

Onboarding guides

The following documentation provide essential product knowledge designed to help new users quickly understand the key concepts of FortiWeb and start unlocking its full potential from day one.

• WAF Concept Guide

  Provides a broad overview of Web Application Firewall (WAF) concepts and FortiWeb’s core features. Includes infographics and embedded videos for easier understanding.

• WAF Network Architecture Guide

  Presents a high-level overview of FortiWeb's placement in the network topology, and the deployment architectures across various operation and high availability (HA) modes. Explains traffic flows, key benefits, and limitations of each mode to help you choose the most suitable setup for your network topology.

Solution guides

These guides address the OWASP Top 10 Security Risks with real-world examples and provides step-by-step configuration instructions to mitigate the risks.

• WAF Solutions against OWASP Top10 Risks

  Introduces the OWASP Top 10 Web Application Security Risks with real-world use cases. Offers step-by-step FortiWeb configuration guidance to mitigate each risk.

• WAF solutions against OWASP Top 10 API Security Risks

  Covers the OWASP Top 10 API Security Risks with real-world examples. Offers step-by-step FortiWeb configuration guidance to effectively defend against these risks.

• WAF Solutions against OWASP Top 10 Client-Side Security Risks

  Explores the OWASP Top 10 Client-Side Security Risks using practical use cases. Offers step-by-step FortiWeb configuration guidance to mitigate these threats.

• WAF solutions against Bot Attacks

  Explains common bot attack types through real-world scenarios. Offers step-by-step FortiWeb configuration guidance to detect and block malicious bot activity.

Use cases for complex configurations

• Implementing HTTPS to protect sensitive data in transmission

  This use case demonstrates how to upload a server certificate to FortiWeb so it can prove the authenticity of your domains to clients. This step is critical when FortiWeb operates in Reverse Proxy mode, acting as an SSL proxy to process the HTTPS traffic.

• Validating the client's certificate to secure sensitive transactions

  This use case guides you through uploading a certificate to FortiWeb that enables it to validate client certificates as part of mutual TLS (mTLS), ensuring both parties in the transaction are authenticated and trusted.

• Centralized user authentication with authentication servers

  Learn how to integrate FortiWeb with your user authentication servers including LDAP, RADIUS, and NTLM.

• Centralized user authentication with IdP integration

  Learn how to connect FortiWeb with third-party identity providers such as Okta, Google, and Facebook.