Virtual Domains (VDOMs) – FortiOS 5.2 Best Practices

Virtual Domains (VDOMs)

VDOMs can provide separate firewall policies and, in NAT/Route mode, completely separate configurations for routing and VPN services for each connected network or organization. This section provides a list of best practices for configuring VDOMs.

Per-VDOM resource settings

While Global resources apply to resources shared by the whole FortiGate unit, per-VDOM resources […]

FGCP High Availability – FortiOS 5.2 Best Practices

FGCP High Availability

Fortinet suggests the following practices related to high availability:

Use Active-Active HA to distribute TCP and UTM sessions among multiple cluster units. An active-active cluster may have higher throughput than a standalone FortiGate unit or than an active-passive cluster.

Use a different host name on each FortiGate unit when configuring an HA […]

Networking – FortiOS 5.2 Best Practices

Networking

When configuring your network, ensure that there is no ‘back door’ access to the protected network. For example, if there is a wireless access point, it must be appropriately protected with password and encryption. Be sure to also maintain an up-to-date network diagram which includes IP addressing, cabling, and network elements.

Routing configuration

Always […]

Policy Configuration – FortiOS 5.2 Best Practices

Policy configuration

Configuring the FortiGate unit with an ‘allow all’ traffic policy is very undesirable. While this does greatly simplify the configuration, it is less secure. As a security measure, it is best practice for the policy rulebase to ‘deny’ by default, and not the other way around.

Policy configuration changes

On a heavily loaded system, […]

Security Profiles – FortiOS 5.2 Best Practices

Security Profiles (AV, Web Filtering etc.)

Infection can come from many sources and have many different effects. Because of this, there is no single means to effectively protect your network. Instead, you can best protect your network with the various UTM tools your FortiGate unit offers.

Firewall

Be careful when disabling or deleting firewall settings. […]

Performing a Configuration Backup – FortiOS 5.2 Best Practices

Performing a configuration backup

Once you configure the FortiGate unit and it is working correctly, it is extremely important that you back up the configuration. In some cases, you may need to reset the FortiGate unit to factory defaults or perform a TFTP upload of the firmware, which will erase the existing configuration. In these instances, […]