eBook - ePub
UTM Security with Fortinet
Mastering FortiOS
- 452 pages
- English
- ePUB (mobile friendly)
About This Book
Traditionally, network security (firewalls to block unauthorized users, Intrusion Prevention Systems (IPS) to keep attackers out, Web filters to avoid misuse of Internet browsing, and antivirus software to block malicious programs) required separate boxes with increased cost and complexity. Unified Threat Management (UTM) makes network security less complex, cheaper, and more effective by consolidating all these components. This book explains the advantages of using UTM and how it works, presents best practices on deployment, and is a hands-on, step-by-step guide to deploying Fortinet's FortiGate in the enterprise.
- Provides tips, tricks, and proven suggestions and guidelines to set up FortiGate implementations
- Presents topics that are not covered (or are not covered in detail) by Fortinet's documentation
- Discusses hands-on troubleshooting techniques at both the project deployment level and technical implementation area
Yes, you can access UTM Security with Fortinet by Kenneth Tam, Ken McAlpine, Martín H. Hoz Salvador, Josh More, Rick Basile, Bruce Matsugu in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.
Section II: UTM Technologies Explained
Chapter 4 Connectivity and Networking Technologies
Chapter 5 Base Network Security
Chapter 6 Application Security
Chapter 7 Extended UTM Functionality
Chapter 8 Analyzing your Security Information with FortiAnalyzer
Chapter 9 Managing Your Security Configurations with FortiManager
Chapter 4
Connectivity and Networking Technologies
Information in this chapter:
• Operating Modes
• Layer 2 (Transparent)
• Layer 3 (NAT/Route)
• Connectivity
• Dynamically Addressed Interfaces
• VLAN Interfaces
• 802.3AD
• Redundant Interfaces
• Wireless
• Modems
• IPv6 Interfaces
• Routing
• Static Routing
• Policy-Based Routing
• Dynamic Routing
- RIP (Routing Information Protocol)
- OSPF (Open Shortest Path First)
- BGP (Border Gateway Protocol)
- IS-IS (Intermediate System to Intermediate System)
- Route Redistribution
- Multicast
- ECMP (Equal Cost MultiPath)
- BFD (Bidirectional Forwarding Detection)
- Information and Troubleshooting
• Servicing Users
• DHCP
• DNS Server
• Virtual Domains (VDOM)
• High Availability
Operating Modes
As noted previously, a FortiGate can be configured to operate either in Transparent mode, like a switch (L2-based forwarding), or in NAT/Route mode, like a router (L3-based forwarding). The way in which packets are treated therefore depends on which of these two modes the device is in.
Layer 2 (Transparent)
This mode of operation is also commonly referred to as bridged mode, as the operation is very similar to that of a Layer 2 bridge or switch. The default operating mode for a FortiGate or a newly defined VDOM is always L3 mode. Changing the mode is as simple as using the link in the System Information widget on the main status page. Once selected, you will be prompted to specify the IP address and default gateway information for the device to use after the mode has been changed. This IP address will be used for accessing the FortiGate administrative interfaces. As noted in previous chapters, changes like this take place immediately, so it is important to use an address that will remain reachable. It would also be a good idea to verify that the planned network interfaces over which the WebUI will be accessed have sufficient administrative protocols configured at System → Network → Interfaces. If you are using the CLI, you will also need to configure the IP address and the default gateway.
FGT # config system settings
FGT (settings) # set opmode transparent
FGT (settings) # set manageip <ip: x.x.x.x> <subnet: x.x.x.x>
FGT (settings) # set gateway <gateway: x.x.x.x>
FGT (settings) # end
When operating in Transparent mode it is critical that you install and configure the FortiGate in a configuration that avoids creating network loops. Much as L2 switches do, a FortiGate tracks all ARP request/reply transactions and builds a table of IP/MAC/interface values. This table is consulted for each new packet received so that the correct egress interface can be determined and, therefore, linked to the correct firewall policies. When the FortiGate receives a packet with a destination IP and/or MAC that is not in the current table, it floods the packet out to all allowed interfaces.
In some networks the Spanning Tree Protocol (STP) may be used to avoid the creation of network loops. The FortiGate device itself does not participate in STP; it can, however, forward STP packets. This is enabled from the CLI by setting the option stpforward to enable for the appropriate interfaces.
config system interface
    edit <interface name>
        …
        set stpforward enable
        …
    next
end
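An added example (not from the book and not Fortinet code): a Python script that checks a saved configuration for the transparent-mode settings discussed above, namely opmode, manageip, administrative access on at least one interface, and stpforward per interface. The sample configuration is constructed, and the parser assumes the plain config/edit/set/next/end layout shown in the CLI excerpts.

```python
# Added example: SAMPLE_CONFIG is constructed, not taken from a real device.
SAMPLE_CONFIG = """\
config system settings
    set opmode transparent
    set manageip 192.0.2.10 255.255.255.0
end
config system interface
    edit "port1"
        set allowaccess ping https ssh
        set stpforward enable
    next
    edit "port2"
    next
end
"""

def parse_config(text):
    """Parse top-level 'config' blocks into {section: {"settings", "entries"}}."""
    sections, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        words = line.split() or [""]          # blank lines match no keyword
        if words[0] == "config":
            depth += 1                        # nested config blocks are skipped
            if depth == 1:
                section = sections.setdefault(" ".join(words[1:]), {"settings": {}, "entries": {}})
        elif words[0] == "end":
            depth -= 1
            if depth == 0:
                section, entry = None, None
        elif depth == 1 and words[0] == "edit" and len(words) > 1:
            entry = section["entries"].setdefault(words[1].strip('"'), {})
        elif depth == 1 and words[0] == "next":
            entry = None
        elif depth == 1 and words[0] == "set" and len(words) > 2:
            (section["settings"] if entry is None else entry)[words[1]] = " ".join(words[2:])
    return sections

def audit_transparent(text):
    """Return findings for a transparent-mode config; empty list if NAT/Route."""
    cfg = parse_config(text)
    settings = cfg.get("system settings", {}).get("settings", {})
    if settings.get("opmode") != "transparent":
        return []
    findings = [] if "manageip" in settings else ["manageip is not set"]
    ifaces = cfg.get("system interface", {}).get("entries", {})
    if not any({"https", "ssh"} & set(i.get("allowaccess", "").split()) for i in ifaces.values()):
        findings.append("no interface allows https or ssh administrative access")
    findings += [f"{n}: stpforward is not enabled" for n, i in ifaces.items() if i.get("stpforward") != "enable"]
    return findings
```

Whether a missing stpforward is a problem depends on whether the surrounding switches rely on STP across the FortiGate; the script only reports where it is not enabled.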
Layer 3 (NAT/Route)
Layer 3 is the traditional operating mode for most firewalls. In this mode, the interface from which a packet is forwarded is based on the routing table.
Connectivity
The FortiGate product family supports a number of different types of network interfaces. While these are primarily 802.3 Ethernet interfaces, 802.11 Wireless, ADSL2/2+ modems, Analog Modem, RS232 and USB connected modems are also supported. At this time, there is no support for any of the traditional wide area connection technologies such as ATM, T1/T3, etc.
Some models support modularity, allowing for different types of physical interface to be combined. These include RJ45, Short-Haul multimode fiber, Long-Haul multimode, and/or singlemode fiber. Some of the more recent models also support SFP (1 Gbps) interfaces. The top end of the product line also suppo...
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright
- Dedications
- Acknowledgements
- About The Author
- Foreword
- Preface
- Section I: General Introduction
- Section II: UTM Technologies Explained
- Section III: Implementing a Security (UTM) Project
- Appendix A. Troubleshooting the Project
- Appendix B. Troubleshooting Technically
- Appendix C. Country Codes
- Glossary
- Subject Index