⭕️اگر داخل ایران فورتی وب استفاده میکنید بروزرسانی فوری انجام بدید.
آسیب پذیری RCE که امروز خبر فیکس شدنش منتشر شد, طبق بررسی ها در موتور جستجوی shodan در ایران تارگت های آسیب پذیری با تعداد بالا هنوز وجود دارد.
لینک خبر
#fortinet #fortiweb
@Engineer_Computer
آسیب پذیری RCE که امروز خبر فیکس شدنش منتشر شد, طبق بررسی ها در موتور جستجوی shodan در ایران تارگت های آسیب پذیری با تعداد بالا هنوز وجود دارد.
لینک خبر
#fortinet #fortiweb
@Engineer_Computer
👍1
🛡 End-to-End Web Security Architecture: FortiWeb WAF + FortiGate in Reverse Proxy Mode
Recently completed a comprehensive lab implementation and full documentation of a production-grade web security architecture using FortiWeb as a Web Application Firewall behind FortiGate, deployed on PNETLAB with KVM-based VMs.
🔹 Traffic Flow Architecture:
Client → FortiGate (WAN/VIP) → FortiWeb (WAF Inspection) → Apache2 Real Server → Response back to Client
🔹 Key Implementation Highlights:
✅ Linux Web Server hardening with Apache2 and static IP configuration via Netplan
✅ FortiWeb interface setup across three segments (Real Server / Client-LAN / Management)
✅ Complete WAF policy chain: Virtual IP → Server Pool → Virtual Server → Server Policy
✅ FortiGate perimeter configuration with DNAT Virtual IP (100.100.100.50 → 192.168.100.50)
✅ Firewall policy with full session logging for HTTP/HTTPS/PING traffic
✅ CLI-based traffic logging activation on FortiWeb (a step many engineers miss!)
✅ End-to-end verification through Forward Traffic logs on both devices
🔹 Why Reverse Proxy Mode?
It provides deep HTTP/HTTPS inspection, granular WAF policy enforcement, and clean separation between perimeter firewalling (FortiGate) and application-layer protection (FortiWeb) — a layered defense approach aligned with Zero Trust principles.
🔹 Key Lesson Learned:
The order of WAF policy configuration matters → Virtual IP must exist before the Server Pool, which must exist before the Virtual Server, which must exist before the Server Policy. Skipping the sequence breaks the binding chain.
💼 Currently exploring new opportunities in Network & Cybersecurity Engineering — open to on-site, hybrid, or remote roles. I deliver hands-on services in network design, firewall deployment (Fortinet, Cisco), WAF implementation, ICS/OT security (IEC 62443, NIST), and infrastructure hardening.
#CyberSecurity #FortiWeb #FortiGate #WAF #NetworkSecurity #Fortinet #ReverseProxy #InfoSec #OpenToWork #NetworkEngineer #PenetrationTesting #ICS #OTSecurity
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Recently completed a comprehensive lab implementation and full documentation of a production-grade web security architecture using FortiWeb as a Web Application Firewall behind FortiGate, deployed on PNETLAB with KVM-based VMs.
🔹 Traffic Flow Architecture:
Client → FortiGate (WAN/VIP) → FortiWeb (WAF Inspection) → Apache2 Real Server → Response back to Client
🔹 Key Implementation Highlights:
✅ Linux Web Server hardening with Apache2 and static IP configuration via Netplan
✅ FortiWeb interface setup across three segments (Real Server / Client-LAN / Management)
✅ Complete WAF policy chain: Virtual IP → Server Pool → Virtual Server → Server Policy
✅ FortiGate perimeter configuration with DNAT Virtual IP (100.100.100.50 → 192.168.100.50)
✅ Firewall policy with full session logging for HTTP/HTTPS/PING traffic
✅ CLI-based traffic logging activation on FortiWeb (a step many engineers miss!)
✅ End-to-end verification through Forward Traffic logs on both devices
🔹 Why Reverse Proxy Mode?
It provides deep HTTP/HTTPS inspection, granular WAF policy enforcement, and clean separation between perimeter firewalling (FortiGate) and application-layer protection (FortiWeb) — a layered defense approach aligned with Zero Trust principles.
🔹 Key Lesson Learned:
The order of WAF policy configuration matters → Virtual IP must exist before the Server Pool, which must exist before the Virtual Server, which must exist before the Server Policy. Skipping the sequence breaks the binding chain.
💼 Currently exploring new opportunities in Network & Cybersecurity Engineering — open to on-site, hybrid, or remote roles. I deliver hands-on services in network design, firewall deployment (Fortinet, Cisco), WAF implementation, ICS/OT security (IEC 62443, NIST), and infrastructure hardening.
#CyberSecurity #FortiWeb #FortiGate #WAF #NetworkSecurity #Fortinet #ReverseProxy #InfoSec #OpenToWork #NetworkEngineer #PenetrationTesting #ICS #OTSecurity
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
❤2
🔐 Fortinet Firewall Topology – Secure. Segment. Protect.
A well-designed network is the backbone of strong cybersecurity. This topology using Fortinet demonstrates how to build a secure and scalable infrastructure with proper segmentation and control.
✅ Key Highlights:
• Segmented zones: LAN (Trust), DMZ, and Management Network
• Secure remote connectivity via IPsec VPN
• Dual WAN setup for high availability and backup internet
• Controlled access policies between network zones
• Advanced security features like IPS, Web Filtering, SSL Inspection, and Application Control
🚀 Benefits:
• Enhanced security through network segmentation
• Reliable remote access for branch offices
• Centralized management and monitoring
• Improved resilience with failover internet
Strong network architecture isn’t just about connectivity—it’s about protection, performance, and control.
#CyberSecurity #Networking #Fortinet #Firewall #ITInfrastructure #NetworkSecurity #VPN #ITSupport
🔹 Share 🔹
📱 Channel : @Engineer_Computer
A well-designed network is the backbone of strong cybersecurity. This topology using Fortinet demonstrates how to build a secure and scalable infrastructure with proper segmentation and control.
✅ Key Highlights:
• Segmented zones: LAN (Trust), DMZ, and Management Network
• Secure remote connectivity via IPsec VPN
• Dual WAN setup for high availability and backup internet
• Controlled access policies between network zones
• Advanced security features like IPS, Web Filtering, SSL Inspection, and Application Control
🚀 Benefits:
• Enhanced security through network segmentation
• Reliable remote access for branch offices
• Centralized management and monitoring
• Improved resilience with failover internet
Strong network architecture isn’t just about connectivity—it’s about protection, performance, and control.
#CyberSecurity #Networking #Fortinet #Firewall #ITInfrastructure #NetworkSecurity #VPN #ITSupport
🔹 Share 🔹
📱 Channel : @Engineer_Computer