Book Image

Getting Started with FortiGate

Book Image

Getting Started with FortiGate

Overview of this book

FortiGate from Fortinet is a highly successful family of appliances enabled to manage routing and security on different layers, supporting dynamic protocols, IPSEC and VPN with SSL, application and user control, web contents and mail scanning, endpoint checks, and more, all in a single platform. The heart of the appliance is the FortiOS (FortiOS 5 is the latest release) which is able to unify a friendly web interface with a powerful command line to deliver high performance. FortiGate is able to give users the results they usually achieve at a fraction of the cost of what they would have to invest with other vendors.This practical, hands-on guide addresses all the tasks required to configure and manage a FortiGate unit in a logical order. The book starts with topics related to VLAN and routing (static and advanced) and then discusses in full the UTM features integrated in the appliance. The text explains SSL VPN and IPSEC VPN with all the required steps you need to deploy the aforementioned solutions. High availability and troubleshooting techniques are also explained in the last two chapters of the book.This concise, example-oriented book explores all the concepts you need to administer a FortiGate unit. You will begin by covering the basic tools required to administer a FortiGate unit, including NAT, routing, and VLANs. You will then be guided through the concepts of firewalling, UTM inside the appliance, tunnelling using SSL, and IPSEC and dial-up configurations. Next, you will get acquainted with important topics like high availability and Vdoms. Finally, you will end the book with an overview of troubleshooting tools and techniques.
Table of Contents (13 chapters)

Security policies

Security policies will define which session matches with one or more rules in a set and the actions the FortiGate unit will perform. The list of elements that a FortiGate will check includes:

  • Source Interface/Zone

  • Source Address

  • Destination Interface/Zone

  • Destination Address

  • Schedule and time of the session's initiation

  • Service and the packet's port numbers

  • UTM profiles

Based on the policies, a packet can be accepted or denied. Security policies are managed by navigating to the Policy | Policy | Policy menu. In the following screenshot we can see the screen used to edit a security policy:

After we have defined a firewall policy, it will look like the following screenshot. Inside a single policy firewall, the controls will be applied in the order we have selected. The firewall policies are evaluated in order from top to bottom. The first rule to match a packet will perform the action specified by the matched rule.


More information about security policies and the features of...