Web Application Firewall
Go to Security Profiles > Web Application Firewall. From here you can customize the default Web Application Firewall profile, or create new profiles, to protect against a variety of web-based threats. Web Application Firewall profiles can be created with a variety of options (Signatures and Constraints), similar to other security profiles.
You can set the Web Application Firewall to use an External Security Device, such as FortiWeb, by setting
Inspection Device to External.
Selecting External in the Web Application Firewall profile adds the following configuration to the CLI:
config waf profile edit default
set external enable end
You must add the Web Application Firewall profile to a firewall policy in order for that traffic to be offloaded to the
External Security Device for processing.
If your FortiGate or VDOM Inspection mode is set to flow-based you must use the CLI to set a Web Application Firewall profile to external mode and add the Web Applic- ation Firewall profile to a firewall policy.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!