Fortinet DMZ with HAProxy Virtual Host Routing
About This Architecture
A Fortinet firewall-protected DMZ with HAProxy virtual host routing distributes traffic across multiple application pools based on DNS hostname. Internet users resolve mydomain.com through DNS, traverse the Fortinet Firewall and WAF, and then reach HAProxy, which routes requests to the www.my.domain.com, iss.domain.com, wh.domain.com, and Other Services pools. The architecture isolates backend servers on the internal network 10.x.x.x behind multiple security layers, enforcing least-privilege access and defense-in-depth. Fork this diagram to customize firewall rules, add SSL termination, or adjust pool member counts for your environment. The design demonstrates how virtual host routing eliminates single-purpose load balancers while maintaining strict network segmentation.
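The HAProxy side of the routing described above, as an added configuration sketch that is not part of the original diagram page. Backend names, server names, the listening port and every 10.0.x.x address are constructed placeholders for the diagram's 10.x.x.x network.

```haproxy
# Added example: Host-based routing to the pools named in the diagram.
# All addresses, ports and backend/server names are constructed placeholders.
global
    log stdout format raw local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend dmz_http
    # Receives the traffic the Fortinet firewall/WAF forwards into the DMZ.
    bind :80
    # Normalise Host before matching: lowercase it and drop any ":port" suffix.
    http-request set-var(txn.host) req.hdr(host),lower,field(1,:)

    # Exact string matches, so look-alike names such as
    # "www.my.domain.com.example" do not match.
    acl host_www var(txn.host) -m str www.my.domain.com
    acl host_iss var(txn.host) -m str iss.domain.com
    acl host_wh  var(txn.host) -m str wh.domain.com

    use_backend pool_www if host_www
    use_backend pool_iss if host_iss
    use_backend pool_wh  if host_wh
    # Everything else goes to the "Other Services" pool from the diagram.
    default_backend pool_other

backend pool_www
    balance roundrobin
    server www1 10.0.1.11:80 check
    server www2 10.0.1.12:80 check

backend pool_iss
    server iss1 10.0.2.11:80 check

backend pool_wh
    server wh1 10.0.3.11:80 check

backend pool_other
    server other1 10.0.4.11:80 check
```

Because `default_backend` receives every request whose Host matches none of the three names, the Other Services pool sees arbitrary Host values; match its hostnames explicitly if it should not act as a catch-all. `haproxy -c -f <file>` checks the configuration syntax before a reload.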
People also ask
How do I design a secure DMZ with Fortinet Firewall and HAProxy for routing multiple virtual hosts to different backend servers?
This diagram shows a three-layer security model: Fortinet Firewall blocks unauthorized traffic, WAF protects against application attacks, and HAProxy routes requests by hostname (www.my.domain.com, iss.domain.com, wh.domain.com) to isolated backend pools on internal network 10.x.x.x. Virtual host routing eliminates the need for separate load balancers per application while maintaining strict netwo
- Domain: Networking
- Audience: Network architects designing secure DMZ topologies with virtual host routing
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.