  * Fortinet NSE 7
  * FortiManager (fmg)
  * FortiGate (fw)
  * FortiAuthenticator
  * FortiGuard (TODO)
  * FortiAnalyzer (logging)

----

Deploying FortiX:

To identify the hardware:

  get system status

  * {{:network_stuff:cheatsheet-faz-fmgr-7.0-v1.2.pdf |cheat_sheet}} (with CLI commands)
  * console
    * admin (no password) > ''show system interface'' ; ''config system interface'' ; ''edit port1'' << **Hierarchical like in Junos**
    * ''end'' applies the configuration (no commit needed)

FortiGate 60F (FortiOS 7.0)

  * FortiLink ports and DMZ (labelled) ports
  * For console, we can use just the blue flat cable (USB to RJ45) and the MobaXterm > Serial conn. option

  show system interface

  * For the Fortinet, we want to bring up the console from the UI itself (top right)
    * example: ''execute ping bbc.com''
  * There's no commit like in Palos; changes just apply
  * Zones (TODO)
    * concept of SD-WAN zone
  * Firewall Policy & Objects > (classic inside to internet) + Central SNAT policy (for source NAT policy) + Settings and tick Central SNAT

----

==== Security Fabric ====

  * One FG acts as ''root'' and the other as ''downstream''. All F nodes synchronize over tcp-8013.
  * Logging is required for the Security Fabric (in FortiAnalyzer or cloud)
  * ''Security Fabric (left menu) > Fabric Connectors'': there we add all devices we want in the fabric + multiple options + also Enable REST-API

  diagnose sys csf authorization pending-list

----

==== Security Features in the Firewalls explained ====

  - Threat Protection performance is measured with: Firewall, IPS, Application Control and Malware Protection enabled.
  - NGFW performance is measured with: Firewall, IPS and Application Control enabled.
  - IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.