Web Application Firewall

Web Application Firewall

Go to Security Profiles > Web Application Firewall. From here you can customize the default Web Application Firewall profile, or create new profiles, to protect against a variety of web-based threats. Web Application Firewall profiles can be created with a variety of options (Signatures and Constraints), similar to other security profiles.

You can set the Web Application Firewall to use an External Security Device, such as FortiWeb, by setting

Inspection Device to External.

Web Application Firewall

Selecting External in the Web Application Firewall profile adds the following configuration to the CLI:

config waf profile edit default

set external enable end

You must add the Web Application Firewall profile to a firewall policy in order for that traffic to be offloaded to the

External Security Device for processing.

If your FortiGate or VDOM Inspection mode is set to flow-based you must use the CLI to set a Web Application Firewall profile to external mode and add the Web Applic- ation Firewall profile to a firewall policy.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos

Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos