Policy configuration Configuring the FortiGate unit with an ‘allow all’ traffic policy is very undesirable. While this does greatly simplify the configuration, it is less secure. As a security measure, it is best practice for the policy rulebase to ‘deny’ […]

Patch management When vulnerabilities are discovered in software, the software vendors release updates that fix these problems. Keeping your software and operating system up-to-date is a vital step to prevent infection and defend against attacks. Follow the latest advisories and […]

Web filtering FortiGuard Web Filtering can help stop infections from malware sites and help prevent communication if an infection occurs. Enable FortiGuard Web Filtering at the network edge. l Install the FortiClient application and use FortiGuard Web Filtering on any […]

Email filter Spam is a common means by which attacks are delivered. Users often open email attachments they should not, and infect their own machine. l Enable email filtering at the network edge for all types of email traffic. l […]

Intrusion Prevention System (IPS) Your FortiGate’s IPS system can detect traffic attempting to exploit this vulnerability. IPS may also detect when infected systems communicate with servers to receive instructions. Refer to the following list of best practices regarding IPS. Enable […]

Antivirus Enable antivirus scanning at the network edge for all services. l Use FortiClient endpoint antivirus scanning for protection against threats that get into your network. Subscribe to FortiGuard AntiVirus Updates and configure your FortiGate unit to receive push updates. […]

Authentication You must add a valid user group to activate the Authentication check box on the firewall policy configuration page. Users can authenticate with the firewall using HTTP or FTP. For users to be able to authenticate, you must add […]