Fortinet DMZ with HAProxy Virtual Host Routing

general · architecture diagram.

Diagrams.so

About This Architecture

Fortinet firewall-protected DMZ with HAProxy virtual host routing distributes traffic across multiple application pools based on DNS hostname. Internet users resolve mydomain.com through DNS, traverse the Fortinet Firewall and WAF, then reach HAProxy which routes requests to www.my.domain.com, iss.domain.com, wh.domain.com, and Other Services pools. This architecture isolates backend servers on internal network 10.x.x.x behind multiple security layers, enforcing least-privilege access and defense-in-depth. Fork this diagram to customize firewall rules, add SSL termination, or adjust pool member counts for your environment. The design demonstrates how virtual host routing eliminates single-purpose load balancers while maintaining strict network segmentation.

People also ask

How do I design a secure DMZ with Fortinet Firewall and HAProxy for routing multiple virtual hosts to different backend servers?

This diagram shows a three-layer security model: Fortinet Firewall blocks unauthorized traffic, WAF protects against application attacks, and HAProxy routes requests by hostname (www.my.domain.com, iss.domain.com, wh.domain.com) to isolated backend pools on internal network 10.x.x.x. Virtual host routing eliminates the need for separate load balancers per application while maintaining strict netwo

Fortinet DMZ with HAProxy Virtual Host Routing

AutointermediateDMZFortinetHAProxyload-balancingnetwork-securityvirtual-host-routing
Domain: NetworkingAudience: Network architects designing secure DMZ topologies with virtual host routing
0 views0 favoritesPublic

Created by

March 31, 2026

Updated

March 31, 2026 at 3:08 AM

Type

architecture

Need a custom architecture diagram?

Describe your architecture in plain English and get a production-ready Draw.io diagram in seconds. Works for AWS, Azure, GCP, Kubernetes, and more.

Generate with AI