network_stuff:fortinet

Differences

This shows you the differences between two versions of the page.

network_stuff:fortinet [2023/10/11 18:07] jotasandokunetwork_stuff:fortinet [2024/11/19 15:23] (current) jotasandoku
Line 4: Line 4:
     * FortiAuthenticator     * FortiAuthenticator
     * FortiGuard (TODO)     * FortiGuard (TODO)
 +    * FortiAnalyzer (logging)
  
 +----
  
-Fortigate models60X +Deploying FortiX: 
 +To identify the hardware: 
 +  get system status 
 + 
 +  * {{:network_stuff:cheatsheet-faz-fmgr-7.0-v1.2.pdf |cheat_sheet}} (with cli commands) 
 +  * console 
 +    * admin (no password) > ''show system interface'' ; '' config system interface'' ; ''edit port1'' << **Hierarchical like in Junos** 
 +    * ''end'' applies configuration (no commit needed) 
 + 
 + 
 +FortiGate 60F ( FortiOS 7.0 ) 
 +  * Fortilink ports and DMZ (labelled) ports 
 +  * For console, we can use just the blue flat cable (usb to RJ45) and the MobaXterm > Serial conn. option 
 + 
 +  show system interface 
 + 
 + 
 + 
 +  * For the FortiNet, we want bring up the console from the UI itseld (top right) 
 +    * example : ''execute ping bbc.com'' 
 +    * There's no commit like in Palos, just Applies 
 +  * Zones (TODO) 
 +    * concept of sd-wan zone 
 +    * Firewall policy&objexts > (classical inside to internet) + Central SNAT policy (for source nat policy) + Settings and tick Central SNAT#
  
  
 ---- ----
 +==== Security Fabric ====
 +  * One FG acts as ''root'' and the other as ''downstream''. All F nodes synchronize with tcp-8013.
 +  * Logging is required for the security fabric (in forti analyser or cloud)
 +  * ''Security Fabric (left menu) > Fabric Connectors'' There we add all devices we want in the fabric + multiple options + also Enable REST-API
 +
 +  diagnose sys csf auzorisation pending-list
 +  
 +----
 +==== Security Features in the Firewalls explained ====
 +  - Threat Protection performance is measured with :Firewall, IPS, Application Control and Malware Protection enabled.
 +  - NGFW performance is measured with : Firewall, IPS and Application Control enabled.
 +  - IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.
  
-Deploying FortiManager (version 7.2): 
-  * cheat_sheetr {{ :network_stuff:cheatsheet-faz-fmgr-7.0-v1.2.pdf |cheat_sheet}}(with cli commands) 
-  * console 
-    * admin (no password) > ''show system interface'' ; '' config system interface'' 
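Review bot: in the added Security Fabric block, the command "diagnose sys csf auzorisation pending-list" is misspelled; the FortiOS keyword is "authorization", so the line as written will not parse when pasted into the CLI. In the console bullets, "admin (no password)" is carried over from the removed FortiManager section with no step for setting an admin password before the unit is connected to a network, and the Fabric Connectors line says "Enable REST-API" without noting what access that opens or when it is needed; a short note on each would help. Smaller points in the FortiGate 60F bullets: "itseld", "objexts", and the stray "#" after "tick Central SNAT".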
network_stuff/fortinet.1697047647.txt.gz · Last modified: (external edit)