Getting Started with FortiGate

Overview of this book

FortiGate from Fortinet is a highly successful family of appliances that manages routing and security at different layers, supporting dynamic routing protocols, IPSEC and SSL VPN, application and user control, web content and mail scanning, endpoint checks, and more, all in a single platform. The heart of the appliance is FortiOS (FortiOS 5 is the latest release), which unifies a friendly web interface with a powerful command line to deliver high performance. FortiGate gives users the results they usually achieve at a fraction of the cost they would have to invest with other vendors.

This practical, hands-on guide addresses all the tasks required to configure and manage a FortiGate unit in a logical order. The book starts with topics related to VLANs and routing (static and advanced) and then discusses in full the UTM features integrated in the appliance. The text explains SSL VPN and IPSEC VPN with all the steps required to deploy these solutions. High availability and troubleshooting techniques are explained in the last two chapters of the book.

This concise, example-oriented book explores all the concepts you need to administer a FortiGate unit. You will begin by covering the basic tools required to administer a FortiGate unit, including NAT, routing, and VLANs. You will then be guided through the concepts of firewalling, UTM inside the appliance, tunnelling using SSL, and IPSEC and dial-up configurations. Next, you will get acquainted with important topics like high availability and VDOMs. Finally, you will end the book with an overview of troubleshooting tools and techniques.
Dynamic routing


Unlike static routing, dynamic routing is based on information exchanged between network devices to select the best available route to a given destination. This adds scalability and adaptability that static routing does not have. Dynamic routing uses one or more routing protocols that create, maintain, and update the dynamic routing table. The logic and the algorithms used vary from one protocol to another, and in every scenario there are one or more routing protocols that fit the networking needs better than the others. The protocol we select depends on a number of factors. Before we can compare the different protocols with each other, it is necessary to introduce three basic concepts: convergence, the technology used to calculate the best route, and protocol support for Classless Inter-Domain Routing (CIDR). These concepts are explained in the following list:

  • Convergence: Each routing protocol has a different method to update the routing table. This will affect the time to converge the routing tables.

  • Technology: The two main methods are Distance Vector and Link-State. Distance vector protocols use a distance value based on the number of hops (devices along the path) to the destination. Distance vector protocols usually send their whole routing table to their neighbors as soon as there is an update. Link-state protocols use information received from all the routers in the network, where each router advertises only its directly connected networks. Link-state protocols also take other factors, such as bandwidth, into account when making routing decisions. Their routing information is sent in incremental form.

  • Support for CIDR: Classful routing protocols do not send subnet mask information with their routing updates. Classless routing protocols transmit the subnet mask with each route, so a series of addresses can be combined into a single entry.
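To make the Technology and Metric differences concrete, the following is an added Python example (not from the book) that converges a distance-vector table with a hop-count metric on one side and runs a link-state shortest-path calculation with bandwidth-derived costs on the other, over a constructed topology where a two-hop 10 Mbps path competes with a three-hop 1 Gbps path. The router names, link bandwidths and the 100 Mbps reference bandwidth are assumptions; the example also shows RIP's value of 16 hops meaning unreachable, which is where its 15-hop limit comes from.

```python
import heapq
LINKS = [("R1", "R2", 10), ("R2", "R5", 10),                          # constructed topology, not from the book
         ("R1", "R3", 1000), ("R3", "R4", 1000), ("R4", "R5", 1000),  # bandwidth in Mbps: 2 hops at 10M vs 3 at 1G
         ("R5", "H0", 10)] + [(f"H{i}", f"H{i + 1}", 10) for i in range(13)]  # long chain hanging off R5
RIP_INFINITY = 16        # RIP treats 16 hops as unreachable, hence its 15-hop limit
REFERENCE_BW_MBPS = 100  # OSPF default reference bandwidth (assumed); link cost = reference / link bandwidth
GRAPH = {}
for a, b, bw in LINKS:
    GRAPH.setdefault(a, {})[b] = GRAPH.setdefault(b, {})[a] = bw  # links are bidirectional

def rip_tables(graph):
    """Distance vector: routers start knowing only themselves and keep copying neighbours' whole tables (+1 hop)."""
    tables = {r: {r: (0, None)} for r in graph}  # router -> {dest: (hops, next_hop)}
    changed = True
    while changed:  # loop until no router's table changes, i.e. the tables have converged
        changed = False
        for r in graph:
            for nbr in graph[r]:
                for dest, (hops, _) in tables[nbr].items():
                    cand = min(hops + 1, RIP_INFINITY)
                    if cand < tables[r].get(dest, (RIP_INFINITY, None))[0]:
                        tables[r][dest] = (cand, nbr)
                        changed = True
    return tables

def rip_route(graph, src, dst):
    """Follow next hops through the converged tables; (None, None) if dst is over 15 hops away."""
    tables = rip_tables(graph)
    if dst not in tables[src]:
        return None, None
    path = [src]
    while path[-1] != dst:
        path.append(tables[path[-1]][dst][1])
    return tables[src][dst][0], path

def ospf_route(graph, src, dst):
    """Link-state: the router holds the whole topology and runs Dijkstra (SPF) on bandwidth-derived costs."""
    cost = lambda bw: max(1, REFERENCE_BW_MBPS // bw)
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        for nxt, bw in graph[node].items():
            if d + cost(bw) < dist.get(nxt, float("inf")):
                dist[nxt], prev[nxt] = d + cost(bw), node
                heapq.heappush(heap, (dist[nxt], nxt))
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]  # e.g. R1 -> R5 returns (3, ['R1', 'R3', 'R4', 'R5'])
```

With this topology RIP prefers the two-hop 10 Mbps path R1-R2-R5 while OSPF prefers the three-hop gigabit path, and H13 is reachable for OSPF but falls outside RIP's 15-hop reach.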

The following table contains a comparison of three widespread routing protocols: RIP, OSPF, and BGP.

Protocol     | RIP (v2)                  | OSPF                                            | BGP
Technology   | Distance vector           | Link-state                                      | Distance vector (path vector)
CIDR         | Yes                       | Yes                                             | Yes
Update       | 30 seconds plus triggered | 30 minutes plus triggered                       | Triggered
Metric       | Hop                       | Cost                                            | Path attributes
Scalability  | 15 hops                   | Around 50 routers per area, a few hundred areas | Thousands of routers

Routing protocols are also divided into two categories that determine the most suitable use scenario:

  • Exterior routing protocols: Best used to distribute routes between different companies or organizations (BGP).

  • Interior routing protocols: Designed to distribute routes inside a single organization (RIP and OSPF).

Each of the protocols listed has its own method of operation. RIP is less complex to manage but, because of its characteristics, it can be considered suitable only for very small networks. OSPF and BGP are more complex but offer much greater scalability. Being the most commonly used protocol, OSPF is the routing protocol explained in this text.