network_stuff:fortinet

Differences

This shows you the differences between two versions of the page.

network_stuff:fortinet [2023/10/11 13:12] jotasandokunetwork_stuff:fortinet [2024/11/19 15:23] (current) jotasandoku
Line 1: Line 1:
-  * Fortinet NSE 7 (fortigate?+  * Fortinet NSE 7 
-    * Watch cbt nuggets certc.. videos+    * FortiManager (fmg
 +    * Fortigate (fw) 
 +    * FortiAuthenticator 
 +    * FortiGuard (TODO) 
 +    * FortiAnalyzer (logging) 
 + 
 +---- 
 + 
 +Deploying FortiX: 
 +To identify the hardware: 
 +  get system status 
 + 
 +  * {{:network_stuff:cheatsheet-faz-fmgr-7.0-v1.2.pdf |cheat_sheet}} (with cli commands) 
 +  * console 
 +    * admin (no password) > ''show system interface'' ; '' config system interface'' ; ''edit port1'' << **Hierarchical like in Junos** 
 +    * ''end'' applies configuration (no commit needed) 
 + 
 + 
 +FortiGate 60F ( FortiOS 7.0 ) 
 +  * Fortilink ports and DMZ (labelled) ports 
 +  * For console, we can use just the blue flat cable (usb to RJ45) and the MobaXterm > Serial conn. option 
 + 
 +  show system interface 
 + 
 + 
 + 
 +  * For the FortiNet, we want bring up the console from the UI itseld (top right) 
 +    * example : ''execute ping bbc.com'' 
 +    * There's no commit like in Palos, just Applies 
 +  * Zones (TODO) 
 +    * concept of sd-wan zone 
 +    * Firewall policy&objexts > (classical inside to internet) + Central SNAT policy (for source nat policy) + Settings and tick Central SNAT# 
 + 
 + 
 +---- 
 +==== Security Fabric ==== 
 +  * One FG acts as ''root'' and the other as ''downstream''. All F nodes synchronize with tcp-8013. 
 +  * Logging is required for the security fabric (in forti analyser or cloud) 
 +  * ''Security Fabric (left menu) > Fabric Connectors'' There we add all devices we want in the fabric + multiple options + also Enable REST-API 
 + 
 +  diagnose sys csf auzorisation pending-list 
 +   
 +---- 
 +==== Security Features in the Firewalls explained ==== 
 +  - Threat Protection performance is measured with :Firewall, IPS, Application Control and Malware Protection enabled. 
 +  - NGFW performance is measured with : Firewall, IPS and Application Control enabled. 
 +  - IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled. 
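
Review bot: The diagnostic command added under "Security Fabric", "diagnose sys csf auzorisation pending-list", misspells its keyword and will be rejected if pasted into the CLI; it should read "diagnose sys csf authorization pending-list". In the console bullet, "admin (no password)" records the factory-default login with no follow-up step, so add a line to set an admin password before the unit is connected to a network. The Fabric Connectors bullet says "also Enable REST-API" without saying which hosts or accounts should be allowed to use it, so note the intended restriction there. Minor: "(fmg" is missing its closing parenthesis, and "itseld" and "objexts" should be "itself" and "objects".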
network_stuff/fortinet.1697029966.txt.gz · Last modified: (external edit)