Intrusion Prevention System (IPS) Your FortiGate’s IPS system can detect traffic attempting to exploit this vulnerability. IPS may also detect when infected systems communicate with servers to receive instructions. Refer to the following list of best practices regarding IPS. Enable IPS scanning at the network edge for all services. […]
Antivirus Enable antivirus scanning at the network edge for all services. Use FortiClient endpoint antivirus scanning for protection against threats that get into your network. Subscribe to FortiGuard AntiVirus Updates and configure your FortiGate unit to receive push updates. This will ensure you receive antivirus signature updates as soon […]
Authentication You must add a valid user group to activate the Authentication check box on the firewall policy configuration page. Users can authenticate with the firewall using HTTP or FTP. For users to be able to authenticate, you must add an HTTP or FTP policy that is configured for authentication.
Security Use NTP to synchronize time on the FortiGate and the core network systems, such as email servers, web servers, and logging services. Enable log rules to match corporate policy. For example, log administration authentication events and access to systems from untrusted interfaces. Minimize ad hoc changes to live systems, if […]
Firewall Be careful when disabling or deleting firewall settings. Changes that you make to the firewall configuration using the GUI or CLI are saved and activated immediately. Arrange firewall policies in the policy list from more specific to more general. The firewall searches for a matching policy starting from the […]
Firmware Firmware upgrading and downgrading sounds pretty simple; anyone can do it, right? The mark of a professional is not that they can do something correctly, or even do it correctly over and over again. A professional works in such a way that, if anything goes wrong, they are prepared […]
General considerations For security purposes, NAT mode is preferred because all of the internal or DMZ networks can have secure private addresses. NAT mode policies use network address translation to hide the addresses in a more secure zone from users in a less secure zone. Use virtual domains (VDOMs) to […]
Part 2 of the whiteboard session that shows some diagrams via computer (may be clearer than my whiteboard with glare) as well as some inside-the-FortiGate perspective.