network_stuff:fortinet

Differences

This shows you the differences between two versions of the page.

network_stuff:fortinet [2023/10/12 17:15] jotasandoku     network_stuff:fortinet [2024/11/19 15:23] (current) jotasandoku
Line 4: Line 4:
     * FortiAuthenticator     * FortiAuthenticator
     * FortiGuard (TODO)     * FortiGuard (TODO)
- +    * FortiAnalyzer (logging)
- +
-Fortigate models: 60X  +
  
 ---- ----
  
 Deploying FortiX: Deploying FortiX:
 +To identify the hardware:
 +  get system status
 +
   * {{:network_stuff:cheatsheet-faz-fmgr-7.0-v1.2.pdf |cheat_sheet}} (with cli commands)   * {{:network_stuff:cheatsheet-faz-fmgr-7.0-v1.2.pdf |cheat_sheet}} (with cli commands)
   * console   * console
     * admin (no password) > ''show system interface'' ; '' config system interface'' ; ''edit port1'' << **Hierarchical like in Junos**     * admin (no password) > ''show system interface'' ; '' config system interface'' ; ''edit port1'' << **Hierarchical like in Junos**
     * ''end'' applies configuration (no commit needed)     * ''end'' applies configuration (no commit needed)
 +
 +
 +FortiGate 60F ( FortiOS 7.0 )
 +  * Fortilink ports and DMZ (labelled) ports
 +  * For console, we can use just the blue flat cable (usb to RJ45) and the MobaXterm > Serial conn. option
 +
 +  show system interface
 +
 +
 +
   * For the FortiNet, we want bring up the console from the UI itseld (top right)   * For the FortiNet, we want bring up the console from the UI itseld (top right)
     * example : ''execute ping bbc.com''     * example : ''execute ping bbc.com''
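Review bot: the new 60F block adds console-access instructions (blue USB-to-RJ45 cable, MobaXterm serial connection) while the unchanged console bullet still reads ''admin (no password)'', and nothing on the page says to set a password afterwards. Add a line after the console bullets stating that the factory-default blank admin password has to be replaced at first login, before any interface is configured. Two smaller points: the added ''show system interface'' repeats the command already listed in the console bullet, and the 60F block now sits between the console bullets and the "bring up the console from the UI itseld" bullet (typo: "itself"), so the console notes are split in two.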
Line 21: Line 31:
   * Zones (TODO)   * Zones (TODO)
     * concept of sd-wan zone     * concept of sd-wan zone
-    * Firewall policy&objexts > (classical inside to internet) + Central SNAT policy (for source nat policy) + Settings and tick Central SNAT+    * Firewall policy&objexts > (classical inside to internet) + Central SNAT policy (for source nat policy) + Settings and tick Central SNAT
 + 
 + 
 +---- 
 +==== Security Fabric ==== 
 +  * One FG acts as ''root'' and the other as ''downstream''. All F nodes synchronize with tcp-8013. 
 +  * Logging is required for the security fabric (in forti analyser or cloud) 
 +  * ''Security Fabric (left menu) > Fabric Connectors'' There we add all devices we want in the fabric + multiple options + also Enable REST-API 
 + 
 +  diagnose sys csf auzorisation pending-list 
 +   
 +---- 
 +==== Security Features in the Firewalls explained ==== 
 +  - Threat Protection performance is measured with :Firewall, IPS, Application Control and Malware Protection enabled. 
 +  - NGFW performance is measured with : Firewall, IPS and Application Control enabled. 
 +  - IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled. 
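Review bot: the added command ''diagnose sys csf auzorisation pending-list'' is misspelled; the CLI keyword is ''authorization'', so the line as written will be rejected at the prompt. In the same section, "All F nodes synchronize with tcp-8013" should say which side initiates and which devices must be reachable on TCP 8013, since that is what any policy between root and downstream has to permit, and "Enable REST-API" should say what it is being enabled for and who gets access. The list under "Security Features in the Firewalls explained" defines how the throughput figures are measured rather than explaining the features, so the heading should be reworded to match. "objexts" in the re-added Central SNAT line is still misspelled.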