Differences

This shows you the differences between two versions of the page.

--- network_stuff:fortinet [2023/10/13 08:29] – jotasandoku
+++ network_stuff:fortinet [2024/11/19 15:23] (current) – jotasandoku
@@ Line 4: / Line 4: @@
     * FortiAuthenticator
     * FortiGuard (TODO)
+    * FortiAnalyzer (logging)
 ----
 Deploying FortiX:
+To identify the hardware:
+  get system status
   * {{:network_stuff:cheatsheet-faz-fmgr-7.0-v1.2.pdf |cheat_sheet}} (with cli commands)
   * console
@@ Line 31: / Line 31: @@
   * Zones (TODO)
     * concept of sd-wan zone
-    * Firewall policy&objexts > (classical inside to internet) + Central SNAT policy (for source nat policy) + Settings and tick Central SNAT
+    * Firewall policy&objexts > (classical inside to internet) + Central SNAT policy (for source nat policy) + Settings and tick Central SNAT#
+----
+==== Security Fabric ====
+  * One FG acts as ''root'' and the other as ''downstream''. All F nodes synchronize with tcp-8013.
+  * Logging is required for the security fabric (in forti analyser or cloud)
+  * ''Security Fabric (left menu) > Fabric Connectors'' There we add all devices we want in the fabric + multiple options + also Enable REST-API
+  diagnose sys csf auzorisation pending-list
+----
+==== Security Features in the Firewalls explained ====
+  - Threat Protection performance is measured with :Firewall, IPS, Application Control and Malware Protection enabled.
+  - NGFW performance is measured with : Firewall, IPS and Application Control enabled.
+  - IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.

dokucama

User Tools

Site Tools

Differences

Page Tools