FortiGate modes
The FortiGate unit has a choice of modes that it can be used in, either NAT/Route mode or transparent mode. The FortiGate unit is able to operate as a firewall in both modes, but some...
How packets are handled by FortiOS
To give you an idea of what happens to a packet as it makes its way through the FortiGate unit, here is a brief overview. This particular trip of the packet is starting...
Interfaces and zones
A firewall is a gateway device that may be the nexus point for more than 2 networks. The interface that the traffic is coming in on and should be going out on is a fundamental...
Access control lists
Access control lists (ACLs) in the FortiOS firmware could be considered a granular or more specifically targeted blacklist. These ACLs drop IPv4 or IPv6 packets at the physical...
Firewall policies
The firewall policy is the axis around which most of the other features of the FortiGate firewall revolve. A large portion of the settings in the firewall at some point will end up...
Security profiles
Where security policies provide the instructions to the FortiGate unit for controlling what traffic is allowed through the device, the security profiles provide the screening that...
Security profile groups
It may seem counterintuitive to have a topic on security profile groups in the Firewall Chapter/Handbook when there is already a chapter/handbook on Security Profiles, but...
Proxy option components
Any time a security profile that requires the use of a proxy is enabled, the Proxy Options field will be displayed. Certain inspections defined in security profiles require that...
SSL/SSH inspection
While the profile configuration for SSL/SSH Inspection is found in the Security Profiles section, it is enabled in the firewall policy by enabling any of the security profiles....
SSH MITM deep inspection
Due to an increase in recent years in vulnerabilities discovered in the SSH protocol, protections have been incorporated into FortiOS’s Intrusion Prevention System (IPS)...
Encryption strength for proxied SSH sessions
The level of SSH encryption can be set for SSH sessions on a per-profile basis. RPC over HTTP Encryption Level Description compatible This level allows...
RPC over HTTP
How protocol options profiles and SSL inspection profiles handle RPC (Remote Procedure Calls) over HTTP traffic can be configured separately from normal HTTP traffic. The configuration is...
NAT
NAT or Network Address Translation is the process that enables a single device such as a router or firewall to act as an agent between the Internet or Public Network and a local or private network....
Services and TCP ports
There are a number of different services and protocols in use on the Internet. The most commonly known is HTTP, which is used by web servers to transmit requests and responses for...
Protocol types
One of the fundamental aspects of a service is the type of protocol that is used to define it. When a service is defined, one of the following categories of protocol needs to be...
Protocol number
IP is responsible for more than the address that it is most commonly associated with, and there are a number of associated protocols that make up the Network Layer. While there are not...
VPN policies
At one point, if you wanted to have secure digital communications between 2 points, a private network would be created. This network would only allow the people that were intended to get...
DSRI
The Disable Server Response Inspection (DSRI) option is available for configuration in the CLI. This is used to assist performance when only URL filtering is being used. This allows the system to...
Interface policies
Interface policies are implemented before the “security” policies and are only flow based. They are configured in the CLI. This feature allows you to attach a set of IPS policies...