Web Application Firewall

Web Application Firewall

Go to Security Profiles > Web Application Firewall. From here you can customize the default Web Application Firewall profile, or create new profiles, to protect against a variety of web-based threats. Web Application Firewall profiles can be created with a variety of options (Signatures and Constraints), similar to other security profiles.

You can set the Web Application Firewall to use an External Security Device, such as FortiWeb, by setting

Inspection Device to External.

Web Application Firewall

Selecting External in the Web Application Firewall profile adds the following configuration to the CLI:

config waf profile edit default

set external enable end

You must add the Web Application Firewall profile to a firewall policy in order for that traffic to be offloaded to the

External Security Device for processing.

If your FortiGate or VDOM Inspection mode is set to flow-based you must use the CLI to set a Web Application Firewall profile to external mode and add the Web Applic- ation Firewall profile to a firewall policy.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

One thought on “Web Application Firewall

  1. lior

    Hi there
    i’m having a problem that the profile is not logging anything
    i’ve set everything to monitor and turned on all sessions logging on the policy that i have the waf profile enabled on. all the logs are filling up except the waf logs. i know such a problem?

    thank you


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.