Introduction to Fortinet Firewall
Below are the FortiGate (FGT) NGFW use cases:
1. Data Center (Hyperscale firewalls)
2. Branch (AI/ML security-driven architecture along with SD-WAN)
3. Campus (NAC integration along with FortiOS provides visibility and protection)
4. Cloud (Available across all cloud platforms. Provides public and private cloud protection)
5. Segmentation (OT use cases)
Fortinet NGFW is available in many different hardware models based on requirements:
Data Center (High End): 7K, 6K, 3K, 2600F, 1800F, 1000F
Campus (Mid-Range): 600F, 400F, 200F, 100F
Branch (Entry-Level): 80F, 70F, 60F, 40F
FortiOS:
Let's look at the common options offered by FortiOS (7.2.x) in the GUI.
Dashboard:
FortiOS includes pre-defined dashboards so that the admin can easily monitor device inventory, security threats, alerts and network health.
Monitors:
There are 2 types of monitors:
1. Non-FortiView monitors: Routing Table, DHCP lease details, Connected VPNs, etc.
2. FortiView monitors: FortiView is the FortiOS log view tool and comprehensive monitoring system. It integrates real-time and historical data into a single view pane on the firewall.
Network:
The Network section on the FortiGate firewall covers multiple configuration objects, which are fairly simple and are used according to the network architecture.
1. Interfaces
The FGT firewall offers multiple options for creating an interface:
a. Physical
b. VLAN
c. Aggregate (LAG)
d. Redundant Interface
e. Software Switch
f. Hardware Switch
g. EMAC-VLAN
h. VXLAN
i. Tunnel
j. VDOM link
2. Explicit Proxy:
Explicit web proxy can be configured on FortiGate for proxying HTTP and HTTPS traffic. To deploy explicit proxy, individual client browsers can be manually configured to send requests directly to the proxy, or they can be configured to download proxy configuration instructions from a Proxy Auto-Configuration (PAC) file.
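The PAC-file option described above, as an added example that is not part of the original post: a `FindProxyForURL` function that keeps internal destinations direct and sends everything else to the explicit proxy without a `DIRECT` fallback. The proxy address `10.0.0.1:8080` and the suffix `.corp.example` are constructed placeholders.

```javascript
// Added example: PAC logic for clients of an explicit web proxy.
// Written in ES5 so that older PAC engines can evaluate it.
var PROXY = "PROXY 10.0.0.1:8080";          // constructed proxy listener address
var INTERNAL_SUFFIXES = [".corp.example"];  // constructed internal DNS suffix

// True for loopback and RFC 1918 literals such as 10.1.2.3 or 192.168.0.5.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false;
  }
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Match on a label boundary so "evilcorp.example" is not treated as internal.
function isInternalName(host) {
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var s = INTERNAL_SUFFIXES[i];
    if (host === s.slice(1) || host.slice(-s.length) === s) return true;
  }
  return false;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label intranet name; the ":" test keeps IPv6 literals out of this branch.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (isInternalName(host) || isPrivateIPv4(host)) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is unreachable the request fails
  // instead of leaving the network uninspected.
  return PROXY;
}
```

Returning `"PROXY 10.0.0.1:8080; DIRECT"` instead would let clients bypass the proxy, and every security profile applied on it, whenever the proxy does not answer.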
FTP proxies can be configured on the FortiGate so that FTP traffic can be proxied. When the FortiGate is configured as an FTP proxy, FTP client applications should be configured to send FTP requests to the FortiGate.
In a transparent proxy deployment, the user's client software, such as a browser, is unaware that it is communicating with a proxy. Users request internet content as usual, without any special client configuration, and the proxy serves their requests. FortiGate can also be configured in transparent proxy mode. To redirect HTTPS traffic, SSL inspection is required.
3. SD-WAN:
SD-WAN is a software-defined approach to managing Wide-Area Networks (WAN). It consolidates the physical transport connections, or underlays, and monitors and load-balances traffic across the links. VPN overlay networks can be built on top of the underlays to control traffic across different sites. Health checks and SD-WAN rules define the expected performance and business priorities, allowing the FortiGate to automatically and intelligently route traffic based on the application, internet service, or health of a particular connection. WAN security and intelligence can be extended into the LAN by incorporating wired and wireless networks under the same domain. FortiSwitch and FortiAP devices integrate seamlessly with the FortiGate to form the foundation of an SDBranch.
Note:
We will look at SD-WAN in detail in later blogs.
4. Static Routing and Dynamic Routing:
This section contains static and dynamic routing protocol settings. Protocols are chosen based on the network architecture.
5. Policy and Objects:
This section consists of the firewall policies, objects, object groups, services and NAT configurations.
6. Security Profiles:
This section contains the details of the UTM profiles offered by the next-generation firewall. These profiles are Web Filter, AV, IPS, Application Control, etc.
7. VPN:
This section helps the admin configure IPsec and SSL VPNs using the GUI. It also offers different SSL and IPsec templates through wizards.
8. Users and Authentication:
In User & Authentication, the admin can control network access for different users and devices in the network. FortiGate authentication controls system access by user group. By assigning individual users to the appropriate user groups, the admin can control each user's access to network resources. The admin can define local users and peer users on the FortiGate unit and can also define user accounts on remote authentication servers and connect them to FortiOS.
9. System:
This section contains information about FortiGate administration and system configuration that you can do after installing the FortiGate in your network. This section provides access to different options like HA, SNMP, FortiGuard, Feature Visibility, certificates, etc.
10. Security Fabric:
The Fortinet Security Fabric provides an intelligent architecture that interconnects discrete security solutions into an integrated whole to detect, monitor, block, and remediate attacks across the entire attack surface. It delivers broad protection and visibility into every network segment and device, be they hardware, virtual, or cloud based.
The core Fortinet Security Fabric consists of 3 major components, FGT, FMG & AZ, that work together to secure the network. The other recommended fabric components are FortiClient, FortiClient EMS, FortiAP, FortiSwitch, sandbox, deceptor, etc.
11. Log & Report:
Logging and reporting are useful components to help you understand what is happening on your network, and to inform you about certain network activities, such as the detection of a virus, a visit to an invalid website, an intrusion, a failed log in attempt, and myriad others. Logging records the traffic that passes through, starts from, or ends on the FortiGate, and records the actions the FortiGate took during the traffic scanning process. After this information is recorded in a log message, it is stored in a log file that is stored on a log device (a central storage location for log messages). FortiGate supports sending all log types to several log devices, including FortiAnalyzer, FortiAnalyzer Cloud, FortiGate Cloud, and syslog servers. Approximately 5% of memory is used for buffering logs sent to FortiAnalyzer. The FortiGate system memory and local disk can also be configured to store logs, so it is also considered a log device.
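An added example, not part of the original post, of what a syslog receiver can do with these logs: parse `key=value` lines and flag source IPs that produce a burst of failed logins. The sample lines and the field names used (`type`, `action`, `status`, `srcip`, `date`, `time`) are constructed for illustration and should be checked against the log output of the actual device.

```javascript
// Constructed sample lines in key=value layout (not captured from a device).
var SAMPLE = [
  'date=2024-05-01 time=10:00:01 type="event" subtype="system" user="admin" srcip=198.51.100.7 action="login" status="failed" msg="login failed, reason=invalid password"',
  'date=2024-05-01 time=10:00:20 type="event" subtype="system" user="admin" srcip=198.51.100.7 action="login" status="failed" msg="login failed, reason=invalid password"',
  'date=2024-05-01 time=10:00:41 type="event" subtype="system" user="root" srcip=198.51.100.7 action="login" status="failed" msg="login failed, reason=invalid password"',
  'date=2024-05-01 time=10:03:00 type="event" subtype="system" user="ops" srcip=203.0.113.9 action="login" status="failed" msg="login failed, reason=invalid password"',
  'date=2024-05-01 time=10:03:30 type="event" subtype="system" user="ops" srcip=203.0.113.9 action="login" status="success" msg="login successful"',
  'date=2024-05-01 time=10:04:00 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=192.0.2.10 action="accept"'
];

// Values are bare tokens or double-quoted strings that may contain spaces and "=".
function parseLine(line) {
  var fields = Object.create(null);  // no prototype: keys come from untrusted log text
  var re = /(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))/g, m;
  while ((m = re.exec(line)) !== null) {
    fields[m[1]] = m[2] !== undefined ? m[2] : m[3];
  }
  return fields;
}

// Source IPs with at least `threshold` failed logins inside `windowSec` seconds.
function failedLoginBursts(lines, threshold, windowSec) {
  var bySrc = Object.create(null);
  lines.forEach(function (line) {
    var f = parseLine(line);
    if (f.type !== "event" || f.action !== "login" || f.status !== "failed") return;
    // The sample timestamps carry no zone; treated as UTC for relative windows.
    var t = Date.parse(f.date + "T" + f.time + "Z") / 1000;
    if (isNaN(t) || !f.srcip) return;
    (bySrc[f.srcip] = bySrc[f.srcip] || []).push(t);
  });
  return Object.keys(bySrc).filter(function (src) {
    var ts = bySrc[src].sort(function (a, b) { return a - b; });
    for (var i = 0; i + threshold <= ts.length; i++) {
      if (ts[i + threshold - 1] - ts[i] <= windowSec) return true;
    }
    return false;
  }).sort();
}
```

Splitting lines on spaces or on every `=` would misread the quoted `msg` field as an extra `reason` key, which is why the parser handles quoted values explicitly.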
Conclusion:
FortiGate NGFWs provide industry-leading threat protection and decryption at scale with a custom ASIC architecture. They also deliver Secure Networking with integrated features like SD-WAN, switching and wireless, and 5G. With FortiOS 7.x, they help converge network solutions into a single, simpler, centrally managed solution.
In the next blog, let's start understanding the concept of SD-WAN and Fortinet's industry-leading way to deliver it.