FortiGate Operator Learning Notes - NETSEC

Latest

NETSEC

Learning, Sharing, Creating

Cybersecurity Memo
Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

Sunday, September 1, 2024

FortiGate Operator Learning Notes

FortiGate is a next-generation firewall (NGFW) that delivers industry-leading enterprise security with full visibility and threat protection.

Using FortiGate, organizations can achieve:

  • Ultra-fast security throughout their network
  • A consistent real-time defense
  • An excellent user experience
  • Operational efficiency and automated workflows


Note: training course - https://training.fortinet.com/course/view.php?id=39326
1. FortiGate Overview
2. Configuring Interfaces and Routing
3. Firewall Policies
4. Authenticating Network Users
5. Inspect SSL Traffic
6. Blocking Malware
7. Control Web Access Using Web Filtering
8. Configuring the FortiGate Intrusion Prevention System
9. Controlling Application Access
10. Creating IPsec Virtual Private Networks
11. Configuring FortiGate SSL VPN
12. FortiGate System Maintenance and Monitoring
13. Configuring the Fortinet Security Fabric

FortiGate Overview

FortiGate Platform Structure


Models



Setting the administrator password retries and lockout time

https://docs.fortinet.com/document/fortigate/7.4.6/administration-guide/631730/setting-the-administrator-password-retries-and-lockout-time

By default, the number password retry attempts is set to three, allowing the administrator a maximum of three attempts at logging in to their account before they are locked out for a set amount of time (by default, 60 seconds).

The number of attempts and the default wait time before the administrator can try to enter a password again can be configured using the CLI.

A maximum of ten retry attempts can be configured, and the lockout period can be 1 to 2147483647 seconds (over 68 years). The higher the retry attempts, the higher the risk that someone might be able to guess the password.

To configure the lockout options:
config system global
    set admin-lockout-threshold <failed_attempts>
    set admin-lockout-duration <seconds>
end

For example, to set the number of retry attempts to 1, and the lockout time to 5 minutes:

config system global
    set admin-lockout-threshold 1
    set admin-lockout-duration 300
end

Default configuration is :

config system global
    set admin-lockout-duration 60
    set admin-lockout-threshold 3


Configuring Interfaces and Routing


LAN - DHCP
WAN

Default Route, static route
Includes:
  • Destination
  • Gateway address
  • Interface
Verify the route from Dashboard - Network - Static & Dynamic Routing widget - Click to expand

Policies

By default, the inspection mode of the new firewall policy is set to Flow Based.
Flow-based inspection


Proxy-based insepction

Change Inspection Mode:

From the CLI.
 
Use the below command to change the inspection mode:
 
config firewall policy
    edit # (ID of the policy)
    set inspection-mode <flow or proxy>  
end


Internet Access Policy Rule example:

Show Matching logs




Firewall Authentication





Local Password Auth

Remote Password Authentication

Steps:
  • Create a user account
  • Configure Remote auth
  • Create a user group
  • add authenication to a firewall policy
  • verify and monitor firewall authentication





Inspect SSL Traffic


Two types of FortiGate SSL Inspection:
- Certificate Inspection (always with Web Filtering)
- Deep Inspection (Full Inspection)







Deep Inspection:




Certificate Warning:
Solve this certificate warning issue:



Create/Edit SSL Inspection Profiles

Apply custom deep ssl inspection into a firewall rule. You will need to enable one Security profiles first , such as Antivirus as shown in the following screenshot:

To avoid certificate security warning, we can install Fortigate CA certificate from ssl inspection profile. 

Exempt some websites from SSL inspection. 



Blocking Malware


Antivirus Scan
Grayware Scan
Machine Learning / Artificial Intelligence Scan




verification configuration from www.eicar.com


Control Web Acess Using Web Filtering



Actions
  • Allow
  • Block
  • Monitor
  • Warning
  • Authenticate

Fortiguard.com/webfilter


Authenticate





Configuring IPS (Intrusion Prevention System)






Controlling Applications Access








References


  • Fortinet Training - https://training.fortinet.com/my/



Read more

Subscribe via email

Author Image

About Netsec
Netsec - Learning, Sharing, Creating!

-
Tags:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)