FortiGate Firewall Components

The FortiGate firewall is made up of a number of different components that are used to build an impressive list of features that have flexibility of scope and granularity of control that provide protection that is beyond that provided by the basic firewalls of the past.

Some of the components that FortiOS uses to build features are:

• Interfaces
• VLANs
• Soft Switches
• Zones
• Predefined Addresses
• IP address based
• FQDN based
• Geography based l  Access Schedules l  Authentication
• Local User based
• Authentication Server based (Active Directory, Radius, LDAP)
• Device Based
• Configureable Services
• IPv4 and IPv6 protocol support

The features of FortiOS include but are not limited to:

• Security profiles, sometimes referred to as Unified Threat Management (UTM) or Next Generation Firewall(NGFW)
• Predefined firewall addresses (this includes IPv4 and IPv6, IP pools,. wildcard addresses and netmasks, and geography-based addresses)
• Monitoring traffic
• Traffic shaping and per-IP traffic shaping (advanced)
• Firewall schedules
• Services (such as AOL, DHCP and FTP)
• Logging traffic
• Quality of Service (QoS)
• Identity-based policies
• Endpoint security

The “Firewall concepts” expand on what each of the features does and how they relate to the administration of the FortiGate firewall. The section will also try to explain some of the common firewall concepts that will be touched on in the implementing of these features.

“Building firewall objects and policies” shows how to perform specific tasks with the FortiGate firewall.