====== network_stuff:fortinet ======

Revision 2024/11/19 15:23 by jotasandoku (previous revision 2023/10/12 17:08).

    * FortiAuthenticator
    * FortiGuard (TODO)
    * FortiAnalyzer (logging)
  
----
  
Deploying FortiX:

To identify the hardware (model, serial number, FortiOS build, HA and operation mode):
  get system status

  * {{:network_stuff:cheatsheet-faz-fmgr-7.0-v1.2.pdf |cheat_sheet}} (with CLI commands)
  * console
    * log in as ''admin'' (no password on a factory-fresh unit; set one in the first console session, before any interface is reachable from the network) > ''show system interface'' ; ''config system interface'' ; ''edit port1'' << **hierarchical like in Junos**: ''config'' opens a table, ''edit'' an entry, ''set'' a value, ''next'' closes the entry, ''end'' closes the table
    * ''end'' saves and applies the configuration (no commit needed); ''show'' inside a table prints only the non-default values
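The first console session on a fresh unit, as an added example (not from the original notes): set the admin password, restrict where admin logins may come from, and give ''port1'' an address with only HTTPS and SSH management. The addresses, the password placeholder, the lockout values and the alias are assumptions; the ''#'' lines are comments for the reader and belong only in a restored config file, so strip them if you paste the block into an interactive session.

```fortios
# Added example; addresses, names and password are placeholders, not from the page.
# The default admin has no password: set one before exposing any interface.
config system admin
    edit "admin"
        set password "Repl4ce-Me-At-First-Login!"
        # Only accept admin logins from the management subnet (assumed 192.168.1.0/24)
        set trusthost1 192.168.1.0 255.255.255.0
    next
end

# Lock out an admin account after repeated failed logins (assumed values)
config system global
    set admin-lockout-threshold 3
    set admin-lockout-duration 600
    set admintimeout 10
end

# Management interface: static address, HTTPS + SSH + ping only (no http, no telnet)
config system interface
    edit "port1"
        set mode static
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh
        set alias "mgmt"
    next
end

# Verify: print only the non-default settings of port1
show system interface port1
```

''allowaccess'' is the setting to review on every interface, not just ''port1'': anything listed there is a management listener on that interface, and ''show system interface'' (without an entry name) is the quickest way to audit all of them at once.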


FortiGate 60F (FortiOS 7.0)
  * FortiLink ports and DMZ (labelled) ports
  * For the console, the blue flat cable (USB to RJ45) is enough, with the MobaXterm > Serial connection option (9600 baud, 8N1)
  * List the interfaces, their addresses and their management access (''allowaccess''):

  show system interface



  * On a FortiGate, the CLI console can also be opened from the GUI itself (the ''>_'' icon, top right)
    * example: ''execute ping bbc.com''
    * There is no commit like on Palo Alto; a change is live as soon as you click Apply (GUI) or type ''end'' (CLI)
  * Zones (TODO)
    * concept of SD-WAN zone
    * ''Policy & Objects > Firewall Policy'' (classic inside-to-internet rule) + ''Policy & Objects > Central SNAT'' (source NAT policy). Central SNAT has to be switched on first under ''System > Settings'' (tick Central SNAT; CLI: ''set central-nat enable'' under ''config system settings''). With central NAT on, the per-policy NAT option disappears and source NAT is decided only by the Central SNAT table, matched top-down.
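The inside-to-internet rule with central SNAT, as an added example (not from the original notes). The interface names ''internal'' and ''wan1'' and the policy IDs are assumptions; the ''#'' lines are comments for the reader and belong only in a restored config file.

```fortios
# Added example (not from the page); interface names and IDs are assumptions.
# 1. Switch the unit to central NAT (GUI: System > Settings > Central SNAT)
config system settings
    set central-nat enable
end

# 2. Classic inside-to-internet policy. With central NAT on, the policy has
#    no "set nat enable": it only decides whether the traffic is allowed.
config firewall policy
    edit 1
        set name "inside-to-internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

# 3. Central SNAT entry, matched top-down and independently of the policy.
#    Without a matching entry the allowed traffic leaves wan1 with its
#    private source address, which is the usual reason "it was allowed but
#    nothing comes back" after enabling central NAT.
config firewall central-snat-map
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set orig-addr "all"
        set dst-addr "all"
        set nat enable
    next
end

# 4. Verify both tables and the live sessions
show firewall policy 1
show firewall central-snat-map
diagnose sys session list
```

The split matters for review: a permissive firewall policy and a permissive SNAT entry are two separate objects, so when auditing a central-NAT unit both ''show firewall policy'' and ''show firewall central-snat-map'' have to be read together.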


----
==== Security Fabric ====
  * One FortiGate acts as ''root'' and the others as ''downstream''. Downstream units connect to their upstream over TCP 8013, so that port has to be reachable between fabric members.
  * Logging is required for the Security Fabric (FortiAnalyzer, or FortiAnalyzer Cloud / FortiGate Cloud); the logging settings are synchronized from the root to the downstream devices.
  * ''Security Fabric (left menu) > Fabric Connectors'': there we add all the devices we want in the fabric, plus multiple options, and also enable the REST API
  * Downstream devices stay pending on the root until they are authorized; list them with:

  diagnose sys csf authorization pending-list
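The root/downstream pairing on the CLI, as an added example (not from the original notes). The group name, the addresses and the FortiAnalyzer address are assumptions; the downstream keyword is ''upstream-ip'' in FortiOS 7.0 and is renamed ''upstream'' in later releases, so check with ''?'' on your build. The ''#'' lines are comments for the reader and belong only in a restored config file.

```fortios
# Added example (not from the page); group name, addresses and FortiAnalyzer IP are assumptions.
# On the root FortiGate (assumed 10.0.0.1): logging first, because the fabric requires it
config log fortianalyzer setting
    set status enable
    set server "10.0.0.50"
end
config system csf
    set status enable
    set group-name "lab-fabric"
end

# On each downstream FortiGate: join the root over TCP 8013
# (FortiOS 7.0 keyword "upstream-ip"; later releases rename it to "upstream")
config system csf
    set status enable
    set upstream-ip 10.0.0.1
    set upstream-port 8013
end

# Back on the root: downstream units wait here until authorized
# (GUI: Security Fabric > Fabric Connectors > Security Fabric Setup)
diagnose sys csf authorization pending-list

# After authorization, check the tree from both sides
diagnose sys csf downstream
diagnose sys csf upstream
```

Authorization is the control point: a device that can reach TCP 8013 and knows the group name still only appears in the pending list, and nothing is synchronized to it until it is explicitly authorized on the root.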

----
==== Security features in the firewalls explained ====
Datasheet throughput figures depend on which features were enabled during the test:
  - Threat Protection performance is measured with Firewall, IPS, Application Control and Malware Protection enabled.
  - NGFW performance is measured with Firewall, IPS and Application Control enabled.
  - IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with logging enabled.
network_stuff/fortinet.1697130505.txt.gz · Last modified: (external edit)