UTM Security with Fortinet

Mastering FortiOS

452 pages, English

About This Book

Traditionally, network security (firewalls to block unauthorized users, Intrusion Prevention Systems (IPS) to keep attackers out, Web filters to avoid misuse of Internet browsing, and antivirus software to block malicious programs) required separate boxes with increased cost and complexity. Unified Threat Management (UTM) makes network security less complex, cheaper, and more effective by consolidating all these components. This book explains the advantages of using UTM and how it works, presents best practices on deployment, and is a hands-on, step-by-step guide to deploying Fortinet's FortiGate in the enterprise.

  • Provides tips, tricks, and proven suggestions and guidelines to set up FortiGate implementations
  • Presents topics that are not covered (or are not covered in detail) by Fortinet's documentation
  • Discusses hands-on troubleshooting techniques at both the project deployment level and technical implementation area

Authors: Kenneth Tam, Ken McAlpine, Martín H. Hoz Salvador, Josh More, Rick Basile, Bruce Matsugu

Information

Publisher: Syngress
Year: 2012
ISBN: 9781597499774

Section II: UTM Technologies Explained

Chapter 4 Connectivity and Networking Technologies
Chapter 5 Base Network Security
Chapter 6 Application Security
Chapter 7 Extended UTM Functionality
Chapter 8 Analyzing your Security Information with FortiAnalyzer
Chapter 9 Managing Your Security Configurations with FortiManager

Chapter 4

Connectivity and Networking Technologies

Information in this chapter:

Operating Modes
Layer 2 (Transparent)
Layer 3 (NAT/Route)
Connectivity
Dynamically Addressed Interfaces
VLAN Interfaces
802.3AD
Redundant Interfaces
Wireless
Modems
IPv6 Interfaces
Routing
Static Routing
Policy-Based Routing
Dynamic Routing
- RIP (Routing Information Protocol)
- OSPF (Open Shortest Path First)
- BGP (Border Gateway Protocol)
- IS-IS (Intermediate System to Intermediate System)
- Route Redistribution
- Multicast
- ECMP (Equal Cost MultiPath)
- BFD (Bidirectional Forwarding Detection)
- Information and Troubleshooting
Servicing Users
DHCP
DNS Server
Virtual Domains (VDOM)
High Availability

Operating Modes

As noted previously, a FortiGate can be configured to operate either in Transparent mode, like a switch (L2-based forwarding), or in NAT/Route mode, like a router (L3-based forwarding). How a packet is treated, and in particular how its egress interface is chosen, therefore depends on which of these two modes the device (or VDOM) is in.

Layer 2 (Transparent)

This mode of operation is also commonly referred to as bridged mode, because the device behaves much like a Layer 2 bridge or switch. The default operating mode for a FortiGate, or for a newly defined VDOM, is always L3 (NAT/Route) mode. Changing the mode is as simple as using the Change link beside the Operation Mode entry in the System Information widget on the main status page. Once selected, you will be prompted for the IP address and default gateway the device should use after the mode has changed; this management IP is the address used to reach the FortiGate administrative interfaces (WebUI and CLI). As noted in previous chapters, changes like this take effect immediately, so choose an address that will remain reachable once the box is bridging rather than routing. It is also a good idea to verify beforehand that the interfaces over which the WebUI will be accessed have the necessary administrative access protocols (HTTPS, SSH) enabled at System → Network → Interfaces; otherwise the mode change succeeds but you are locked out. If you are using the CLI, you must configure both the management IP address (under config system settings) and the management default gateway (a static route under config router static) yourself:
FGT # config system settings
FGT (settings) # set opmode transparent
FGT (settings) # set manageip <ip: x.x.x.x> <netmask: x.x.x.x>
FGT (settings) # end
FGT # config router static
FGT (static) # edit 1
FGT (1) # set gateway <gateway ip: x.x.x.x>
FGT (1) # end
When operating in Transparent mode it is critical that the FortiGate is installed and configured in a topology that does not create network loops. Much as an L2 switch does, a FortiGate in this mode tracks ARP request/reply transactions and builds a table of IP/MAC/interface values. This table is consulted for each new packet received so that the correct egress interface can be determined and, therefore, the correct firewall policy (ingress interface to egress interface) applied. When the FortiGate receives a packet whose destination IP and/or MAC is not yet in the table, it floods the packet out of all allowed interfaces, exactly as a switch floods an unknown unicast frame. That flooding is why loops matter: with a redundant L2 path through or around the FortiGate, flooded frames circulate indefinitely and the segment degrades into a broadcast storm.
Some networks use the Spanning Tree Protocol (STP) to prevent such loops. The FortiGate itself does not participate in STP, but it can forward STP frames (BPDUs) so that the switches on either side of it can still detect a redundant path that runs through the bridge. With forwarding disabled the BPDUs are dropped at the FortiGate and the switches never learn about that path. BPDU forwarding is enabled from the CLI by setting stpforward to enable on each of the bridged interfaces:
config system interface
edit <interface name>
set stpforward enable
next
end
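As an added example, not code from the book or from Fortinet, the following Python script turns the pre-flight concerns of this Transparent mode discussion into a check you can run before the cutover: it parses a FortiOS-style config system interface snippet (a constructed sample is embedded), confirms that the intended management interface still allows HTTPS/SSH, that every bridged interface has stpforward enabled, and that the manageip and default gateway share a subnet, and then renders the CLI script from the chapter (settings block, management default route, stpforward per interface). The interface names, addresses and sample config are assumptions for illustration.

```python
"""Pre-flight check and cutover script for FortiGate Transparent (L2) mode.

Added example, not code from the book or from Fortinet.  Interface names,
addresses and SAMPLE_CONFIG are constructed assumptions.
"""
import ipaddress
import re

# Constructed sample of 'show system interface' output (not from a real box).
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set allowaccess ping https ssh
        set stpforward enable
    next
    edit "port2"
        set allowaccess ping
    next
end
"""


def parse_interfaces(config_text):
    """Parse edit/set/next blocks into {interface: {setting: [values]}}.

    Only the 'edit ... set ... next' subset of FortiOS syntax is handled;
    a setting absent from an interface's block is simply missing from its dict.
    """
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r'^edit\s+"?([^"]+)"?$', line)
        if m:
            current = m.group(1)
            interfaces[current] = {}
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split()
            interfaces[current][parts[1]] = parts[2:]
    return interfaces


def check_transparent_prereqs(interfaces, mgmt_iface, bridged_ifaces,
                              manageip, netmask, gateway):
    """Return a list of problems; an empty list means the cutover is safe to run."""
    problems = []
    mgmt = interfaces.get(mgmt_iface)
    if mgmt is None:
        problems.append(f"{mgmt_iface}: not present in config")
    elif not set(mgmt.get("allowaccess", [])) & {"https", "ssh"}:
        # The mode change would succeed but lock the admin out.
        problems.append(f"{mgmt_iface}: allowaccess lacks https/ssh, "
                        "WebUI and CLI will be unreachable after the change")
    for name in bridged_ifaces:
        if interfaces.get(name, {}).get("stpforward") != ["enable"]:
            problems.append(f"{name}: stpforward disabled, switches cannot "
                            "see BPDUs through the bridge")
    try:
        # ip_network accepts a dotted netmask; strict=False tolerates host bits.
        net = ipaddress.ip_network(f"{manageip}/{netmask}", strict=False)
        if ipaddress.ip_address(gateway) not in net:
            problems.append(f"gateway {gateway} is not inside {net}, the "
                            "management default route would be unusable")
    except ValueError as exc:
        problems.append(f"invalid address or netmask: {exc}")
    return problems


def render_cli(manageip, netmask, gateway, bridged_ifaces):
    """Render the cutover as FortiOS CLI: settings block, default route, stpforward."""
    lines = [
        "config system settings",
        "    set opmode transparent",
        f"    set manageip {manageip} {netmask}",
        "end",
        "config router static",
        "    edit 1",
        f"        set gateway {gateway}",
        "    next",
        "end",
        "config system interface",
    ]
    for name in bridged_ifaces:
        lines += [f'    edit "{name}"', "        set stpforward enable", "    next"]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    ifs = parse_interfaces(SAMPLE_CONFIG)
    for problem in check_transparent_prereqs(
            ifs, "port1", ["port1", "port2"],
            "192.168.1.99", "255.255.255.0", "192.168.1.1"):
        print("WARNING:", problem)
    print(render_cli("192.168.1.99", "255.255.255.0", "192.168.1.1",
                     ["port1", "port2"]))
```

Feed it the output of show system interface from the unit you are about to convert, with the real management interface and the bridged interface list; the rendered script enables stpforward in the same session as the mode change so the switches regain BPDU visibility immediately, and any warning about the management interface or the gateway subnet should be resolved before the change is applied, since it takes effect the moment end is entered.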

Layer 3 (NAT/Route)

Layer 3 (NAT/Route) is the traditional operating mode for most firewalls. In this mode each interface carries its own IP address, and the interface out of which a packet is forwarded is chosen by a routing-table lookup on the destination address rather than by a learned MAC table.

Connectivity

The FortiGate product family supports a number of different types of network interface. While these are primarily 802.3 Ethernet interfaces, 802.11 wireless, ADSL2/2+ modems, analog modems, and RS232- and USB-connected modems are also supported. There is currently no support for traditional wide area connection technologies such as ATM or T1/T3.
Some models support modularity, allowing for different types of physical interface to be combined. These include RJ45, Short-Haul multimode fiber, Long-Haul multimode, and/or singlemode fiber. Some of the more recent models also support SFP (1 Gbps) interfaces. The top end of the product line also suppo...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedications
  6. Acknowledgements
  7. About The Author
  8. Foreword
  9. Preface
  10. Section I: General Introduction
  11. Section II: UTM Technologies Explained
  12. Section III: Implementing a Security (UTM) Project
  13. Appendix A. Troubleshooting the Project
  14. Appendix B. Troubleshooting Technically
  15. Appendix C. Country Codes
  16. Glossary
  17. Subject Index