Policies-Filters & Endpoint Security

Posted on Jan 13, 2020 (0)

How FortiGate Processes a Data Packet:

FortiGate processes a data packet in the following steps:

  • Ingress: When a packet arrives at the FortiGate, ingress filtering protects the network against various security risks such as DoS attacks, IPsec security, and unwanted packets traversing to our internal network. After the security and access checks, routing is performed at the ingress level.
  • Stateful inspection engine: FortiGate is a stateful inspection engine. For any traffic going from inside to outside, the connection state is maintained, and no ACL or filtering is applied to the returning packets.
  • UTM scanning: FortiGate has preconfigured UTM profiles, which provide features such as antivirus, web filtering, email filtering, and IPS.
  • Egress: Once a data packet is leaving the FortiGate towards the outside, the FortiGate performs egress filtering along with security checks on source NAT and IPsec, and then performs routing to finally send the data out of the box.

Zones in Fortigate:

Zones are groups of multiple interfaces (physical, logical, VLAN, VPN tunnel) that require the same security policies for incoming and outgoing traffic.

To create a zone, follow these steps:

System | Network | Interface and then click Zone.

In the zone configuration, we can select the Block intra-zone traffic option to prohibit the different interfaces in the same zone from communicating with each other.

Addresses: 

Addresses are used in FortiGate to group an IP range or an FQDN, or to hold a single address. FQDNs help to create rules and policies for internet servers and to manage policies in larger network environments.

To create a new address: System | Addresses | Create Address or Address Group.

When it is created, it is also advisable to specify the interface that will be associated with it; you can also use the ANY option.

Services:

With services, we can define which ports are allowed or blocked for data traffic. A FortiGate device also has a default list of services that we can use in our policies, and we can create custom services that contain services based on our particular requirements.

To create one: System | Services | Create New Service or Service Group.

Schedule:

When you want a rule to be active only during a particular time frame, you can use the schedule option. The default value is Always. FortiGate supports two types of schedule:

  • Recurring: The rule becomes active at each recurring interval of date and time specified in the policy.
  • One-Time: The rule will be active only once, as specified in the rule.

Antivirus:

This feature protects our network by examining traffic for viruses, worms, Trojans, and malware. The FortiGate has an antivirus scan engine with a virus signature database: a regular virus signature database or an extreme signature version, depending on the FortiGate unit model. It also has a feature called grayware (files and applications that are not viruses but can still damage your computer).

From the CLI:

FortiGate-VM64 # config antivirus settings
FortiGate-VM64 (settings) # set default-db extended
FortiGate-VM64 (settings) # set grayware enable
FortiGate-VM64 (settings) # end
FortiGate-VM64 #

A FortiGate also has an option called client comforting, which slowly transfers the file in parts to keep the download active on the client side while the antivirus check runs in the background; as soon as the antivirus check is completed, the complete file, which does not have any virus, is downloaded.

To create Antivirus Profile: Security Profile | Antivirus | Create New

Intrusion Protection:

IPS monitors both network traffic and malicious activities, and protects the network from application-based attacks. IPS requires two configurations:

  • A security policy that defines what type of traffic we are planning to control
  • An IPS sensor, which specifies signatures for application attacks.

Follow these steps:

Go to Security Profiles | IPS | Create IPS Sensor and select or create filters and signatures.

Then go to the policy, turn on IPS, and choose the IPS sensor you created.
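
The objects from the Zones, Addresses, Services, Schedule and Intrusion Protection sections, combined into one policy from the CLI. This is an added example, not part of the original post; it assumes FortiOS 6.x syntax, and every object name, port and the FQDN are constructed placeholders ("default" is the factory antivirus profile).

```fortios
# Constructed example: names, ports and the FQDN are placeholders.
config system zone
    edit "LAN-ZONE"
        set intrazone deny
        set interface "port2" "port3"
    next
end
config firewall address
    edit "app-server"
        set type fqdn
        set fqdn "app.example.com"
    next
end
config firewall service custom
    edit "APP-TCP-8443"
        set tcp-portrange 8443
    next
end
config firewall schedule recurring
    edit "business-hours"
        set start 08:00
        set end 18:00
        set day monday tuesday wednesday thursday friday
    next
end
config ips sensor
    edit "app-sensor"
        config entries
            edit 1
                set severity high critical
                set action block
            next
        end
    next
end
config firewall policy
    edit 0
        set name "lan-to-app"
        set srcintf "LAN-ZONE"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "app-server"
        set action accept
        set schedule "business-hours"
        set service "APP-TCP-8443"
        set utm-status enable
        set ips-sensor "app-sensor"
        set av-profile "default"
    next
end
```

The sensor has no effect until a policy references it with utm-status enabled, and "set intrazone deny" is the CLI form of the Block intra-zone traffic option.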

Web Filter:

When we want to check or control the type of content (websites) that our users access on the internet, we use a web filter.

To create a web filter:

  • System Profiles | Web Filter | Create New Web Filter Profile
  • The web filter also provides options to classify web pages based on categories, which are listed under the FortiGuard category-based filter.
  • It also provides filtering based on web content: select this option, enable it, and use expression mode to provide the content.

Traffic Shaping:

When we want to limit a client to a limited amount of bandwidth, we use traffic shaping. It includes maximum and minimum levels of bandwidth to be able to guarantee QoS.

To configure Traffic Shaping: Policy & Objects | Traffic Shaping

There are three shaping options available, which are as follows:

  • Shared policy shaping: Bandwidth management by security policies
  • Per-IP shaping: Bandwidth management by user IP addresses
  • Application control shaping: Bandwidth management by application
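
A shared shaper and a per-IP shaper defined and applied from the CLI, as an added example that is not part of the original post. It assumes FortiOS 6.x syntax and bandwidth values in the default unit of kbps; the shaper names, the interface and the values are constructed.

```fortios
# Constructed example: names, port and bandwidth values are placeholders.
config firewall shaper traffic-shaper
    edit "web-shared"
        set guaranteed-bandwidth 2000
        set maximum-bandwidth 10000
        set priority medium
    next
end
config firewall shaper per-ip-shaper
    edit "per-host-cap"
        set max-bandwidth 1000
    next
end
config firewall shaping-policy
    edit 1
        set service "HTTP" "HTTPS"
        set srcaddr "all"
        set dstaddr "all"
        set dstintf "port1"
        set traffic-shaper "web-shared"
        set traffic-shaper-reverse "web-shared"
        set per-ip-shaper "per-host-cap"
    next
end
```

The shared shaper's guaranteed and maximum values are the minimum and maximum levels described above, while the per-IP shaper caps each client address individually.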
