– Screenshot of objects within firewall policy in FortiManager For example, if you were to create an IPv4 firewall rule, you would combine the following objects:įigure. These are the fundamental instruments used to effect security enforcement on network traffic flowing through the FortiGate. Policies are a collection of rules composed of objects.
Fortinet support policy how to#
These objects combined are used to describe how to enforce the security in the form of a policy. – Screenshot of “n-inside” address object in FortiManager For example, an address object called “n-inside” can be used to define the network that is behind the firewall. These pieces are typically specific to the firewall they are applied to. These consists of the addresses, services, intrusion prevention profiles, etc. Objects are the components that are used together to create policies in the FortiManager. – Screenshot of the policy and objects header in FortiManager Objects
To manage the firewall policies, the FortiManager has a section dedicated to objects and policies. In addition to that, it allows for simple replication of those settings across multiple FortiGates in parallel to expedite policy updates over the fleet of firewalls. The key to this is its centralized database that allows for object re-use among FortiGates that share common settings. While the FortiManager can manage a myriad of FortiGate features, it has a stand out capability when managing the firewall policy. – Screenshot of a typical FortiManager/FortiGate Topology Its placement allows for fundamental management of FortiGate functions such as firmware upgrades, installing firewall policies and much more. It is intended to serve as a centralized repository of the configurations and policies that are used to instruct the FortiGate on how to implement its network and security enforcement. OverviewįortiManager is a management platform that manages all aspects of the FortiGate firewalls. Using it in this manner should increase the operational efficiency when managing FortiGates. The hope of this article is to give an explanation of how to use the FortiManager to manage the firewall policies on multiple FortiGate firewalls. Typically in these sites, the firewalls should have similar security policies that enforce a consistent posture around the environment. The value of FortiManager is clearly evident when you have a distributed firewall environment where FortiGates at multiple sites within your enterprise.
As with most products, if you go off the reservation, your mileage may vary. The key to it performing as expected is using it in the way it is intended to be use. Sure, it has its fair share of shortcomings, but when you understand the design principles behind it, it actually does its job quite well.
Fortinet support policy series#
This is the beginning of a three part series to explain how to use the FortiManager to manage firewall policies on the FortiGate.įortiManager gets a bad rap by many of its users.
0 kommentar(er)
