network_stuff:fortinet
- Fortinet NSE 7
- FortiManager (fmg)
- Fortigate (fw)
- FortiAuthenticator
- FortiGuard (TODO)
- FortiAnalyzer (logging)
Deploying FortiX: To identify the hardware:
get system status
- cheat_sheet (with cli commands)
- console
- admin (no password) >
show system interface;config system interface;edit port1« Hierarchical like in Junos endapplies configuration (no commit needed)
FortiGate 60F ( FortiOS 7.0 )
- Fortilink ports and DMZ (labelled) ports
- For console, we can use just the blue flat cable (usb to RJ45) and the MobaXterm > Serial conn. option
show system interface
- For the FortiNet, we want bring up the console from the UI itseld (top right)
- example :
execute ping bbc.com - There's no commit like in Palos, just Applies
- Zones (TODO)
- concept of sd-wan zone
- Firewall policy&objexts > (classical inside to internet) + Central SNAT policy (for source nat policy) + Settings and tick Central SNAT#
Security Fabric
- One FG acts as
rootand the other asdownstream. All F nodes synchronize with tcp-8013. - Logging is required for the security fabric (in forti analyser or cloud)
Security Fabric (left menu) > Fabric ConnectorsThere we add all devices we want in the fabric + multiple options + also Enable REST-API
diagnose sys csf auzorisation pending-list
—-
Security Features in the Firewalls explained
- Threat Protection performance is measured with :Firewall, IPS, Application Control and Malware Protection enabled.
- NGFW performance is measured with : Firewall, IPS and Application Control enabled.
- IPS (Enterprise Mix), Application Control, NGFW and Threat Protection are measured with Logging enabled.
network_stuff/fortinet.txt · Last modified: by jotasandoku
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
