Policy Configuration – FortiOS 5.2 Best Practices

Policy configuration Configuring the FortiGate unit with an ‘allow all’ traffic policy is very undesirable. While this does greatly simplify the configuration, it is less secure. As a security measure, it is best practice for the policy rulebase to ‘deny’ by default, and not the other way around. Policy configuration changes On a heavy-loaded system, […]

Security Profiles – FortiOS 5.2 Best Practices

Security Profiles (AV, Web Filtering etc.) Infection can come from many sources and have many different effects. Because of this, there is no single means to effectively protect your network. Instead, you can best protect your network with the various UTM tools your FortiGate unit offers. Firewall Be careful when disabling or deleting firewall settings. […]

Performing a Configuration Backup – FortiOS 5.2 Best Practices

Performing a configuration backup Once you configure the FortiGate unit and it is working correctly, it is extremely important that you backup the configuration. In some cases, you may need to reset the FortiGate unit to factory defaults or perform a TFTP upload of the firmware, which will erase the existing configuration. In these instances, […]

Firmware Change Management – FortiOS 5.2 Best Practices

Firmware change management Consider the following five points when performing firmware upgrades, not only in FortiOS but in general. This applies to pretty much any change you have to do in a production environment. Understanding the new version first Before attempting any changes in production, first make sure you set up a laboratory where you […]


Welcome to Fortinet Guru. My name is Mike and I am an expert when it comes to Fortinet hardware. I am the guy Fortinet and other Value Added Re-sellers (VARs) call when someone has made a mess of their Fortinet deployment and needs help. I consult for an Information Security company that is based in […]