Policy configuration Configuring the FortiGate unit with an ‘allow all’ traffic policy is very undesirable. While this does greatly simplify the configuration, it is less secure. As a security measure, it is best practice for the policy rulebase to ‘deny’ by default, and not the other way around. Policy configuration […]
Patch management When vulnerabilities are discovered in software, the software vendors release updates that fix these problems. Keeping your software and operating system up-to-date is a vital step to prevent infection and defend against attacks. Follow the latest advisories and reports on the FortiGuard webpage. Apply updates to all […]
Web filtering FortiGuard Web Filtering can help stop infections from malware sites and help prevent communication if an infection occurs. Enable FortiGuard Web Filtering at the network edge. Install the FortiClient application and use FortiGuard Web Filtering on any systems that bypass your FortiGate unit. Block categories such as […]
Email filter Spam is a common means by which attacks are delivered. Users often open email attachments they should not, and infect their own machine. Enable email filtering at the network edge for all types of email traffic. Use FortiClient endpoint IPS scanning for protection against threats that […]
Intrusion Prevention System (IPS) Your FortiGate’s IPS system can detect traffic attempting to exploit this vulnerability. IPS may also detect when infected systems communicate with servers to receive instructions. Refer to the following list of best practices regarding IPS. Enable IPS scanning at the network edge for all services. […]
Antivirus Enable antivirus scanning at the network edge for all services. Use FortiClient endpoint antivirus scanning for protection against threats that get into your network. Subscribe to FortiGuard AntiVirus Updates and configure your FortiGate unit to receive push updates. This will ensure you receive antivirus signature updates as soon […]
Authentication You must add a valid user group to activate the Authentication check box on the firewall policy configuration page. Users can authenticate with the firewall using HTTP or FTP. For users to be able to authenticate, you must add an HTTP or FTP policy that is configured for authentication.
Security Use NTP to synchronize time on the FortiGate and the core network systems, such as email servers, web servers, and logging services. Enable log rules to match corporate policy. For example, log administration authentication events and access to systems from untrusted interfaces. Minimize ad hoc changes to live systems, if […]