FGCP High Availability


Fortinet suggests the following practices related to high availability:

  • Use Active-Active HA to distribute TCP and UTM sessions among multiple cluster units. An active-active cluster may have higher throughput than a standalone FortiGate unit or than an active-passive cluster.
  • Use a different host name on each FortiGate unit when configuring an HA cluster. Set the host names on each unit before configuring HA and forming the cluster; this takes fewer steps than changing them afterwards.
  • Consider adding an Alias to the interfaces used for the HA heartbeat so that you always get a reminder about what these interfaces are being used for.
  • Enabling load-balance-all can increase device and network load since more traffic is load-balanced. This may be appropriate for use in a deployment using the firewall capabilities of the FortiGate unit and IPS but no other content inspection.
  • An advantage of using session pickup is that non-content inspection sessions will be picked up by the new primary unit after a failover. The disadvantage is that the cluster generates more heartbeat traffic to support session pickup as a larger portion of the session table must be synchronized. Session pickup should be configured only when required and is not recommended for use with SOHO FortiGate models. Session pickup should only be used if the primary heartbeat link is dedicated (otherwise the additional HA heartbeat traffic could affect network performance).
  • If session pickup is not selected, after a device or link failover all sessions are briefly interrupted and must be re-established at the application level after the cluster renegotiates. For example, after a failover, users browsing the web can just refresh their browsers to resume browsing. Users downloading large files may have to restart their download after a failover. Other protocols may experience data loss and some protocols may require sessions to be manually restarted. For example, a user downloading files with FTP may have to either restart downloads or restart their FTP client.
  • If you need to enable session pickup, consider enabling session pickup delay to improve performance by reducing the number of sessions that are synchronized.
  • Consider using the session-sync-dev option to move session synchronization traffic off the HA heartbeat link to one or more dedicated session synchronization interfaces.
  • To avoid unpredictable results, when you connect a switch to multiple redundant or aggregate interfaces in an active-passive cluster you should configure separate redundant or aggregate interfaces on the switch; one for each cluster unit.
  • Use SNMP, syslog, or email alerts to monitor a cluster for failover messages. Alert messages about cluster failovers may help find and diagnose network problems quickly and efficiently.

 

Heartbeat interfaces

Fortinet suggests the following practices related to heartbeat interfaces:

Do not use a FortiGate switch port for the HA heartbeat traffic. This configuration is not supported.

  • For clusters of two FortiGate units, as much as possible, heartbeat interfaces should be directly connected using patch cables (without involving other network equipment such as switches). If switches have to be used they should not be used for other network traffic that could flood the switches and cause heartbeat delays.
  • If you cannot use a dedicated switch, the use of a dedicated VLAN can help limit the broadcast domain to protect the heartbeat traffic and the bandwidth it creates.
  • For clusters of three or four FortiGate units, use switches to connect heartbeat interfaces. The corresponding heartbeat interface of each FortiGate unit in the cluster must be connected to the same switch. For improved redundancy use a different switch for each heartbeat interface. In that way if the switch connecting one of the heartbeat interfaces fails or is unplugged, heartbeat traffic can continue on the other heartbeat interfaces and switch.
  • Isolate heartbeat interfaces from user networks. Heartbeat packets contain sensitive cluster configuration information and can consume a considerable amount of network bandwidth. If the cluster consists of two FortiGate units, connect the heartbeat interfaces directly using a crossover cable or a regular Ethernet cable. For clusters with more than two units, connect heartbeat interfaces to a separate switch that is not connected to any network.
  • If heartbeat traffic cannot be isolated from user networks, enable heartbeat message encryption and authentication to protect cluster information. See Enabling or disabling HA heartbeat encryption and authentication.
  • Configure and connect redundant heartbeat interfaces so that if one heartbeat interface fails or becomes disconnected, HA heartbeat traffic can continue to be transmitted using the backup heartbeat interface. If heartbeat communication fails, all cluster members will think they are the primary unit, resulting in multiple devices on the network with the same IP addresses and MAC addresses (a condition referred to as split brain), and communication will be disrupted until heartbeat communication can be reestablished.
  • Do not monitor dedicated heartbeat interfaces; monitor those interfaces whose failure should trigger a device failover.
  • Where possible at least one heartbeat interface should not be connected to an NPx processor to avoid NPx-related problems from affecting heartbeat traffic.

 

Interface monitoring (port monitoring)

Fortinet suggests the following practices related to interface monitoring (also called port monitoring):

  • Wait until a cluster is up and running and all interfaces are connected before enabling interface monitoring. A monitored interface can easily become disconnected during initial setup and cause failovers to occur before the cluster is fully configured and tested.
  • Monitor interfaces connected to networks that process high priority traffic so that the cluster maintains connections to these networks if a failure occurs.
  • Avoid configuring interface monitoring for all interfaces.
  • Supplement interface monitoring with remote link failover. Configure remote link failover to maintain packet flow if a link not directly connected to a cluster unit (for example, between a switch connected to a cluster interface and the network) fails. See Remote link failover.

 


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Networking – Best Practice – FortiOS 5.4.x

Networking

When configuring your network, ensure that there is no ‘back door’ access to the protected network. For example, if there is a wireless access point, it must be appropriately protected with password and encryption.

Be sure to also maintain an up-to-date network diagram which includes IP addressing, cabling, and network elements.

 

Routing configuration

  • Always configure a default route.
  • Add blackhole routes for subnets reachable using VPN tunnels. This ensures that if a VPN tunnel goes down, traffic is not mistakenly routed to the Internet unencrypted.

 

Policy routing

Keep the number of policy routes to a minimum to optimize performance in route lookup and to simplify troubleshooting.

 

Dynamic routing

  • Select a Router ID that matches an IP assigned to an interface. This avoids the likelihood of having two devices with the same router ID.
  • For routing over an IPsec tunnel, assign IP addresses to both ends of the tunnel.

 

Advanced routing

Use the following best practices for advanced routing when dealing with Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF).

 

Border Gateway Protocol (BGP)

If you are using BGP, it is recommended that you enable soft-reconfiguration. This has two benefits:

  • It allows you to perform ‘soft clear’ of peers after a change is made to a BGP policy.
  • It provides greater visibility into the specific prefixes learned from each neighbor.

Leave soft-reconfiguration disabled if your FortiGate does not have much unused memory. Soft-reconfiguration requires keeping separate copies of prefixes received and advertised, in addition to the local BGP database.

 

Open Shortest Path First (OSPF)

  • Avoid use of passive interfaces wherever possible.
  • Avoid use of virtual links to connect areas. All areas should be designed to connect directly to the backbone area.
  • Ensure that all backbone routers have a minimum of two peering connections to other backbone neighbors.
  • An entire OSPF domain should be under common administration.

 

Network Address Translation (NAT)

  • Beware of misconfiguring the IP Pool range. Double-check the start and end IPs of each IP pool. The IP pool should not overlap with addresses assigned to FortiGate interfaces or to any hosts on directly connected networks.
  • If you have internal and external users accessing the same servers, use split DNS to offer an internal IP to internal users so that they don’t have to use the external-facing VIP.
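To make the IP pool check above concrete, here is an added example (not Fortinet's code) that validates a set of pool ranges against the interface subnets using constructed sample values; it also flags pools that overlap each other, which the list above does not call out explicitly.

```python
"""Check NAT IP pool ranges for the misconfigurations the NAT list above warns
about: reversed start/end, overlap with a FortiGate interface subnet (and so
with hosts on that directly connected network), and overlap between pools.
Added example, not Fortinet code; all pools and interfaces are constructed."""
import ipaddress

# Constructed data: IP pools as (name, start, end), interfaces as (name, address/prefix)
IP_POOLS = [
    ("pool_dmz", "203.0.113.70", "203.0.113.80"),    # clean
    ("pool_lan", "192.0.2.100", "192.0.2.110"),      # falls inside port2's subnet
    ("pool_typo", "203.0.113.60", "203.0.113.50"),   # start and end swapped
    ("pool_dup", "203.0.113.78", "203.0.113.90"),    # overlaps pool_dmz
]
INTERFACES = [
    ("port1", "203.0.113.1/26"),   # covers 203.0.113.0 to 203.0.113.63
    ("port2", "192.0.2.1/24"),
]


def pool_blocks(start, end):
    """Expand a start-end range into the CIDR blocks it covers; reject start > end."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if first > last:
        raise ValueError(f"start {start} is after end {end}")
    return list(ipaddress.summarize_address_range(first, last))


def check_pools(pools, interfaces):
    """Return human-readable findings; an empty list means the pools look sane."""
    findings, expanded = [], {}
    # strict=False turns an interface address like 203.0.113.1/26 into its subnet
    subnets = [(n, ipaddress.ip_network(a, strict=False)) for n, a in interfaces]
    for name, start, end in pools:
        try:
            expanded[name] = pool_blocks(start, end)
        except ValueError as err:
            findings.append(f"{name}: {err}")
            continue
        for ifname, net in subnets:
            if any(block.overlaps(net) for block in expanded[name]):
                findings.append(f"{name}: overlaps {ifname} subnet {net}")
    # Pools must not overlap each other either, or two sessions may share a NAT address
    names = list(expanded)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if any(x.overlaps(y) for x in expanded[a] for y in expanded[b]):
                findings.append(f"{a}: overlaps {b}")
    return findings


if __name__ == "__main__":
    for line in check_pools(IP_POOLS, INTERFACES):
        print(line)
```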

 

Configuring NAT

Do not enable NAT for inbound traffic unless it is required by an application. If, for example, NAT is enabled for inbound SMTP traffic, the SMTP server might act as an open relay.

 

Transparent Mode

  • Do not connect two ports to the same VLAN on a switch or to the same hub. Some Layer 2 switches become unstable when they detect the same MAC address originating on more than one switch interface or from more than one VLAN.
  • If you operate multiple VLANs on your FortiGate unit, assign each VLAN id to its own forwarding domain to ensure that the scope of the broadcast does not extend beyond the VLAN it originated in.

 

To protect against Layer 2 loops:

  • Enable stpforward on all interfaces.
  • Use separate VDOMs for production traffic (TP mode VDOM) and management traffic (NAT/Route mode VDOM).
  • Only place those interfaces used for production in the TP mode VDOM. Place all other interfaces in the NAT/Route mode VDOM. This protects against potential Layer 2 loops.

Using Virtual IPs (VIPs)

  • Use the external IP of 0.0.0.0 when creating a VIP for a FortiGate unit where the external interface IP address is dynamically assigned.
  • Be sure to select the correct external interface when creating a new virtual IP (VIP). The external interface should be set to the interface at which the FortiGate unit receives connection requests from external networks.

 



Configuring FSSO Advanced Settings

Depending on your network topology and requirements, you may need to configure advanced settings in the FSSO Collector agent. To do so, from the Start menu, select Programs > Fortinet > Fortinet Single Sign-On Agent > Configure Fortinet Single Sign-On Agent, then from the Common Tasks section, select Advanced Settings.

 

This section includes:

  • General Settings
  • Citrix/Terminal Server
  • Exchange Server
  • RADIUS Accounting

 

General Settings

In the General tab, enter the following information and select OK.

Worker thread count: Number of threads started in the CA process. Default is 128 on CA version 5.0.0241.

Maximum FortiGate connections: Number of FortiGates that can be connected to the CA. Default is 64.

Group look-up interval: The interval in seconds to look up users/groups. If the AD group membership of a currently logged-on user changes, the CA can detect this and update the information on the FortiGate. Enter 0 for no checking.

Windows security Event logs: Choose the event logs to poll.

Event IDs to poll:
  • 0: Default set. It includes Kerberos authentication event logs (672 for Windows Server 2003; 4768 for Windows Server 2008 and 2012) and NTLM authentication event logs (680 for Windows Server 2003; 4776 for Windows Server 2008 and 2012).
  • 1: Extended set. It includes Kerberos service ticket event logs (673 for Windows Server 2003; 4769 for Windows Server 2008 and 2012). Service tickets are obtained whenever a user or computer accesses a server on the network.
  List the event IDs separated by “;”.

Workstation Check: Optionally enable Use WMI to check user logoff for the collector agent to query whether users are still logged on.

Workstation Name Resolution Advance Options:
  • Alternative DNS server(s): By default the Collector Agent uses the DNS server configured on the machine it is running on. If the CA should use another DNS server, one or more alternative DNS servers can be configured here.
  • Alternative workstation suffix(es): If only the host name is available, the CA uses the default domain suffix to build a FQDN for DNS queries. If the CA should use a different suffix, it can be configured here as well.


Configuring FSSO with Novell networks

You need to configure the eDirectory agent for it to communicate with eDirectory servers. You may have provided some of this information during installation.

This section includes:

  • Configuring the eDirectory agent
  • Adding an eDirectory server
  • Configuring a group filter

 

Configuring the eDirectory agent

You need to configure the eDirectory agent for it to communicate with eDirectory servers.

 

To configure the eDirectory agent:

1. From the Start menu select Programs > Fortinet > eDirectory Agent > eDirectory Config Utility.

2. The eDirectory Agent Configuration Utility dialog opens. Enter the following information and select OK.

eDirectory Authentication
Username: Enter a username that has access to the eDirectory, using LDAP format.
Password: Enter the password.
Listening port: Enter the TCP port on which Fortinet Single Sign On Agent listens for connections from FortiGate units. The default is 8000. You can change the port if necessary.
Refresh interval: Enter the interval in seconds between polls of the eDirectory server to check for new logons. The default is 30 seconds.

FortiGate Connection Authentication
Require authenticated connection from FortiGate: Select to require the FortiGate unit to authenticate before connecting to the eDirectory Agent.
Password: Enter the password that FortiGate units must use to authenticate. The maximum password length is 16 characters. The default password is “FortinetCanada”.
User logon Info Search Method: Select how the eDirectory agent accesses user logon information: LDAP or Native (Novell API). LDAP is the default. If you select Native, you must also have the Novell Client installed on the PC.

Logging
Log file size limit (MB): Enter the maximum size for the log file in MB.
View Log: View the current log file.
Dump Session: List the currently logged-on users in the log file. This can be useful for troubleshooting.
Log level: Select Debug, Info, Warning or Error as the minimum severity level of message to log, or select None to disable logging.

eDirectory Server List
Add: Add an eDirectory server. See Adding an eDirectory server on page 581.
Delete: Delete the selected eDirectory server.
Edit: Modify the settings for the selected server.
Set Group Filters…: Select the user groups whose user logons will be reported to the FortiGate unit. This is used only if user groups are not selected on the FortiGate unit.

Adding an eDirectory server

 

Once the eDirectory agent is configured, you add one or more eDirectory servers.

 

 

To add an eDirectory server:

  1. In the eDirectory Agent Configuration Utility dialog box (see the preceding procedure, Configuring the eDirectory agent), select Add.
  2. The eDirectory Setup dialog box opens. Enter the following information and select OK:

eDirectory Server Address: Enter the IP address of the eDirectory server.
Port: If the eDirectory server does not use the default port 389, clear the Default check box and enter the port number.
Use default credential: Select to use the credentials specified in the eDirectory Configuration Utility. See Configuring the eDirectory agent on page 579. Otherwise, leave the check box clear and enter a user name and password below.
User name: Enter a username that has access to the eDirectory, using LDAP format.
User password: Enter the password.
Use secure connection (SSL): Select to connect to the eDirectory server using SSL security.
Search Base DN: Enter the base Distinguished Name for the user search.

 

 

Configuring a group filter

 

The eDirectory agent sends user logon information to the FortiGate unit for all user groups unless you either configure an LDAP server entry for the eDirectory on the FortiGate unit and select the groups that you want to monitor or configure the group filter on the eDirectory agent.

 

If both the FortiGate LDAP configuration and the eDirectory agent group filter are present, the FortiGate user group selections are used.

 

To configure the group filter:

  1. From the Start menu select Programs > Fortinet > eDirectory Agent > eDirectory Config Utility.
  2. Select Set Group Filters.
  3. Do one of the following:
      • Enter group names, then select Add.
      • Select Advanced, select groups, and then select Add.
  4. Select OK.


Configuring the FSSO TS agent for Citrix

The FSSO TS agent works with the same FSSO Collector agent that is used for integration with Windows Active Directory. Install the Collector agent first. Follow the Collector agent installation procedure in Collector agent installation on page 562.

 

Configuration steps include:

  • Install the Fortinet Citrix FSSO agent on the Citrix server.
  • Install the Fortinet FSSO collector on a server on the network.
  • Add the Citrix FSSO agent to the FortiGate Single-sign-On configuration.
  • Add Citrix FSSO groups and users to an FSSO user group.
  • Add an FSSO identity-based security policy that includes the Citrix FSSO user groups.

To change the TS agent configuration, select from the Start menu Programs > Fortinet > Fortinet Single Sign-On Agent > TSAgent Config. In addition to the host and Collector agent IP addresses that you set during installation, you can adjust port allocations for Citrix users. When a Citrix user logs on, the TS agent assigns that user a range of ports. By default each user has a range of 200 ports.

 

Fortinet SSO Collector Agent IP and Port needs to point to the currently configured listening port on the collector, which is port 8002 by default, though it may be configured to a custom port.

Configuring the TS agent

[Figure: Configuring FSSO TS Agent for Citrix]


FortiOS 5.2.8 Release Notes

Introduction

This document provides the following information for FortiOS 5.2.8 build 0727:

  • Special Notices
  • Upgrade Information
  • Product Integration and Support
  • Resolved Issues
  • Known Issues
  • Limitations

See the Fortinet Document Library for FortiOS documentation.

Supported models

FortiOS 5.2.8 supports the following models.

FortiGate: FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C, FG-60C, FG-60C-SFP, FG-60C-POE, FG-60D, FG-60D-3G4G-VZW, FG-60D-POE, FG-70D, FG-70D-POE, FG-80C, FG-80CM, FG-80D, FG-90D, FGT-90D-POE, FG-92D, FG-94D-POE, FG-98D-POE, FG-100D, FG-110C, FG-111C, FG-140D, FG-140D-POE, FG-140D-POE-T1, FG-200B, FG-200B-POE, FG-200D, FG-200D-POE, FG-240D, FG-240D-POE, FG-280D-POE, FG-300C, FG-300D, FG-310B, FG-310B-DC, FG-311B, FG-400D, FG-500D, FG-620B, FG-620B-DC, FG-621B, FG-600C, FG-600D, FG-800C, FG-800D, FG-900D, FG-1000C, FG-1000D, FG-1200D, FG-1240B, FG-1500D, FG-1500DT, FG-3000D, FG-3100D, FG-3040B, FG-3140B, FG-3200D, FG-3240C, FG-3600C, FG-3700D, FG-3700DX, FG-3810D, FG-3815D, FG-3950B, FG-3951B

FortiWiFi: FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-40C, FWF-60C, FWF-60CM, FWF-60CX-ADSL-A, FWF-60D, FWF-60D-3G4G-VZW, FWF-60D-POE, FWF-80CM, FWF-81CM, FWF-90D, FWF-90D-POE, FWF-92D

FortiGate Rugged: FGR-60D, FGR-100C
FortiGate VM: FG-VM64, FG-VM64-HV, FG-VM64-KVM, FG-VM64-XEN
FortiSwitch: FS-5203B
FortiOS Carrier: FCR-3950B and FCR-5001B

FortiOS Carrier 5.2.8 images are delivered upon request and are not available on the customer support firmware download page.

FortiOS Carrier firmware image file names begin with FK.

The following models are released on a special branch based off of FortiOS 5.2.8. As such, the System > Dashboard > Status page and the output from the get system status CLI command display the build number.

 

FGT-VM64-AWS/AWSONDEMAND: Released on build 9141.
FGT-VM64-AZURE: Released on build 5464.

To confirm that you are running the proper build, the output from the get system status CLI command has a branch point field that should read 0727.


Security Profiles (AV, Web Filtering etc.)

Infection can come from many sources and have many different effects. Because of this, there is no single means to effectively protect your network. Instead, you can best protect your network with the various UTM tools your FortiGate unit offers.

 

Firewall

  • Be careful when disabling or deleting firewall settings. Changes that you make to the firewall configuration using the GUI or CLI are saved and activated immediately.
  • Arrange firewall policies in the policy list from more specific to more general. The firewall searches for a matching policy starting from the top of the policy list and working down. For example, a very general policy matches all connection attempts. When you create exceptions to a general policy, you must add them to the policy list above the general policy.
  • Avoid using the All selection for the source and destination addresses. Use addresses or address groups.
  • If you remove all policies from the firewall, there are no policy matches and all connections are dropped.
  • If possible, avoid port ranges on services for security reasons.
  • The settings for a firewall policy should be as specific as possible. Do not use 0.0.0.0 as an address. Do not use Any as a service. Use subnets or specific IP addresses for source and destination addresses and use individual services or service groups.
  • Use a 32-bit subnet mask when creating a single host address (for example, 255.255.255.255).
  • Use logging on a policy only when necessary and be aware of the performance impact. For example, you may want to log all dropped connections but can choose to use this sparingly by sampling traffic data rather than have it continually storing log information you may not use.
  • It is possible to use security policies based on ‘any’ interface. However, for better granularity and stricter security, explicit interfaces are recommended.
  • Use the comment field to input management data, for example: who requested the rule, who authorized it, etc.
  • Avoid FQDN addresses if possible, unless they are internal. It can cause a performance impact on DNS queries and security impact from DNS spoofing.
  • For non-VLAN interfaces, use zones (even if you have only one single interface as a member) to allow:
      • An explicit name of the interface to use in security policies (‘internal’ is more explicit than ‘port10’).
      • A split between the physical port and its function, to allow port remapping (for instance moving from a 1G interface to a 10G interface) or to facilitate configuration translation, as performed during hardware upgrades.
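Both the HA heartbeat guidance earlier on this page and the firewall policy list above can be checked mechanically against a configuration backup. The Python below is an added example (not Fortinet's code): it parses the FortiOS CLI format into a tree and reports departures from the heartbeat advice (encryption and authentication enabled, two heartbeat interfaces, heartbeat interfaces not monitored, session-sync-dev when session pickup is on) and from the policy advice (accept policies built on any/all/ALL). The embedded sample configuration is constructed and deliberately flawed; the CLI keys it uses are standard `config system ha` and `config firewall policy` settings.

```python
"""Audit a FortiOS config dump for the HA heartbeat and firewall policy
points on this page. Added example, not Fortinet code; SAMPLE_CONFIG is
constructed and deliberately contains several of the problems warned about."""
import shlex

SAMPLE_CONFIG = """\
config system ha
    set hbdev "port3" 50 "port4" 100
    set session-pickup enable
    set encryption disable
    set monitor "port1" "port3"
end
config firewall policy
    edit 1
        set srcintf "any"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set action accept
    next
    edit 2
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "lan_net"
        set dstaddr "dmz_web"
        set service "HTTPS"
        set action accept
    next
end
"""


def parse_fortios(text):
    """Parse config/edit/set/next/end lines into {section: {edit: {key: values}}}.
    Settings directly under 'config' (no 'edit') are stored under edit id None."""
    tree, stack = {}, []  # stack entries are [section name, current edit id]
    for raw in text.splitlines():
        words = shlex.split(raw)  # handles the quoted values FortiOS emits
        if not words:
            continue
        verb, args = words[0], words[1:]
        if verb == "config":
            name = " ".join(args)
            tree.setdefault(name, {})
            stack.append([name, None])
        elif verb == "edit":
            stack[-1][1] = args[0]
        elif verb == "set":
            section, edit = stack[-1]
            tree[section].setdefault(edit, {})[args[0]] = args[1:]
        elif verb == "next":
            stack[-1][1] = None
        elif verb == "end":
            stack.pop()
    return tree


def audit_ha(tree):
    """Findings for 'config system ha' against the heartbeat guidance."""
    ha = tree.get("system ha", {}).get(None, {})
    found = []
    hbdevs = ha.get("hbdev", [])[::2]  # hbdev lists "port" priority pairs
    if len(hbdevs) < 2:
        found.append("ha: fewer than two heartbeat interfaces, no redundancy")
    if ha.get("encryption") != ["enable"]:
        found.append("ha: heartbeat encryption disabled")
    if ha.get("authentication") != ["enable"]:
        found.append("ha: heartbeat authentication disabled")
    for port in sorted(set(hbdevs) & set(ha.get("monitor", []))):
        found.append(f"ha: heartbeat interface {port} is also monitored")
    if ha.get("session-pickup") == ["enable"] and "session-sync-dev" not in ha:
        found.append("ha: session pickup without session-sync-dev")
    return found


def audit_policies(tree):
    """Flag accept policies built on any/all/ALL instead of specific objects."""
    found = []
    wildcards = (("srcintf", "any"), ("dstintf", "any"), ("srcaddr", "all"),
                 ("dstaddr", "all"), ("service", "ALL"))
    for pid, pol in tree.get("firewall policy", {}).items():
        if pid is None or pol.get("action") != ["accept"]:
            continue
        for key, wild in wildcards:
            if wild in pol.get(key, []):
                found.append(f"policy {pid}: {key} is '{wild}'")
    return found


def audit(text):
    tree = parse_fortios(text)
    return audit_ha(tree) + audit_policies(tree)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```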

 

Security

  • Use NTP to synchronize time on the FortiGate and the core network systems, such as email servers, web servers, and logging services.
  • Enable log rules to match corporate policy. For example, log administration authentication events and access to systems from untrusted interfaces.
  • Minimize adhoc changes to live systems, if possible, to minimize interruptions to the network. When not possible, create backup configurations and implement sound audit systems using FortiAnalyzer and FortiManager.
  • If you only need to allow access to a system on a specific port, limit the access by creating the strictest rule possible.

Chapter 5 – Best Practices

Overview

This FortiGate Best Practices document is a collection of guidelines to ensure the most secure and reliable operation of FortiGate units in a customer environment. It is updated periodically as new issues are identified.

 

General Considerations

1. For security purposes, NAT mode is preferred because all of the internal or DMZ networks can have secure private addresses. NAT mode policies use network address translation to hide the addresses in a more secure zone from users in a less secure zone.

2. Use virtual domains (VDOMs) to group related interfaces or VLAN subinterfaces. Using VDOMs will partition networks and create added security by limiting the scope of threats.

3. Use Transparent mode when a network is complex and does not allow for changes in the IP addressing scheme.

 

Customer service and technical support

For antivirus and attack definition updates, firmware updates, updated product documentation, technical support information, and other resources, please visit the Fortinet Technical Support web site at http://support.fortinet.com.

You can also register Fortinet products and service contracts from http://support.fortinet.com and change your registration information at any time.

For information about our priority support hotline (live support), see http://support.fortinet.com. When requesting technical support, please provide the following information:

  • Your name, and your company’s name and location
  • Your email address and/or telephone number
  • Your support contract number (if applicable)
  • The product name and model number
  • The product serial number (if applicable)
  • The software or firmware version number
  • A detailed description of the problem

 

Fortinet Knowledge Base

The most recent Fortinet technical documentation is available from the Fortinet Knowledge Base. The knowledge base contains short how-to articles, FAQs, technical notes, product and feature guides, and much more. Visit the Fortinet Knowledge Base at http://kb.fortinet.com.

 

Comments on Fortinet technical documentation

Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.

 

System and performance

By implementing the following best practices for system and performance, you will ensure maximum efficiency of your FortiGate device. Be sure to read everything carefully, particularly the section that concerns shutting down the FortiGate system, in order to avoid potential hardware issues.

 

Performance

  • Disable any management features you do not need. If you don’t need SSH or SNMP, disable them. SSH also provides another possibility for would-be hackers to infiltrate your FortiGate unit.
  • Put the most used firewall rules at the top of the interface list.
  • Log only necessary traffic. The writing of logs, especially if to an internal hard disk, slows down performance.
  • Enable only the required application inspections.
  • Keep alert systems to a minimum. If you send logs to a syslog server, you may not need SNMP or email alerts, making for redundant processing.
  • Establish scheduled FortiGuard updates at a reasonable rate. Updates scheduled every 4-5 hours are sufficient for most situations. In heavier-traffic situations, schedule updates for the evening when more bandwidth is available.
  • Keep security profiles to a minimum. If you do not need a profile on a firewall rule, do not include it.
  • Keep VDOMs to a minimum. On low-end FortiGate units, avoid using them if possible.
  • Avoid traffic shaping if you need maximum performance. Traffic shaping, by definition, slows down traffic.
