Wireless – FortiOS 5.2 Best Practices

The following section contains a list of best practices for wireless network configurations with regard to encryption and authentication, geographic location, network planning, power usage, client load balancing, local bridging, SSIDs, and the use of static IPs.

Encryption and authentication

It is best practice to always enable the strongest user authentication and encryption method […]

Explicit Proxy – FortiOS 5.2 Best Practices

For explicit proxies, when configuring limits on the number of concurrent users, you need to allow for the number of users based on their authentication method. Otherwise you may run out of user resources prematurely. Each session-based authenticated user is counted as a single user using their authentication membership (RADIUS, LDAP, FSAE, local […]

Virtual Domains (VDOMs) – FortiOS 5.2 Best Practices

VDOMs can provide separate firewall policies and, in NAT/Route mode, completely separate configurations for routing and VPN services for each connected network or organization. This section provides a list of best practices for configuring VDOMs.

Per-VDOM resource settings

While Global resources apply to resources shared by the whole FortiGate unit, per-VDOM resources […]

FGCP High Availability – FortiOS 5.2 Best Practices

Fortinet suggests the following practices related to high availability:

Use Active-Active HA to distribute TCP and UTM sessions among multiple cluster units. An active-active cluster may have higher throughput than a standalone FortiGate unit or than an active-passive cluster.

Use a different host name on each FortiGate unit when configuring an HA […]

Networking – FortiOS 5.2 Best Practices

When configuring your network, ensure that there is no ‘back door’ access to the protected network. For example, if there is a wireless access point, it must be appropriately protected with password and encryption. Be sure to also maintain an up-to-date network diagram which includes IP addressing, cabling, and network elements.

Routing configuration

Always […]