Tag: Network Security


FortiGate - Configuration (Part 4) - Administration and Management setup | Active Directory Setup | Administration with AD Group Membership

Having multiple administrators managing your security devices is common practice; every user that is supposed to have access to a firewall should have access to it. This needs to be controlled by an identity server; in this case, we will use Microsoft Active Directory. Looking to catch up on the FortiGate Series? - Make sure you check the Main Page for it –> FortiGate - Configuration Series. The Requirement: Ensure the Network Administrators Group and Help Desk Groups have access to manage the FortiGate - Use AD for Authentication.


FortiGate - Configuration (Part 1) - Interfaces and Getting Started

It has been a long time since my last practical/post, so I wanted to share what I have been working on. For my understanding and anyone reading this, I would like to set a quick standard for this lab; the best way to do it is by creating a quick diagram and a plan. Looking to catch up on the FortiGate Series? - Make sure you check the Main Page for it –> FortiGate - Configuration Series.


FortiGate - Configuration (Part 2) - Static Routes | Firewall Policies | Port Address Translation for Internet

To pick up right where we left off, we will configure Static Routes to the providers, Security Policies (Allowing Traffic to the Internet), and NAT. Looking to catch up on the FortiGate Series? - Make sure you check the Main Page for it –> FortiGate - Configuration Series. The Diagram Static Routes ISP This part of the configuration is enjoyable; Fortinet helps you save time. When you configure a static route, it will suggest an interface to be used as the next hop, without you having to do much other than making sure it is the right one. You can also use the advanced options to set the priority of your interface.


FortiGate - Configuration (Part 3) - Web Filtering | Read-only SSL handshake inspection | Troubleshooting | Adding FortiGate CA Certificate to Windows 10

The Security Profile - Web Filter: FortiOS has a neat section for all the Security Profiles; this GUI is straightforward and intuitive. So let’s see what we have by default. Looking to catch up on the FortiGate Series? - Make sure you check the Main Page for it –> FortiGate - Configuration Series. From the screenshot, we can clearly see what these profiles are being used for. This time, I will make sure to copy the Default one instead of creating a new Profile. You can do this by right-clicking on the default profile, then selecting Clone. This will open a new section to adjust the name or accept the default Fortinet created for you, which reads: “Clone of Default.”

FortiGate - Configuration Series

Hey there, I created a quick series that goes over Fortinet Configuration. Initially, this series goes over simple configuration tasks. Let me know if this is helpful.

FortiGate Configuration Series Main Post

FortiGate – Configuration (Part 1) – Interfaces and Getting Started

FortiGate – Configuration (Part 2) – Static Routes | Firewall Policies | Port Address Translation for Internet

FortiGate – Configuration (Part 3) – Web Filtering | Read-only SSL handshake inspection | Troubleshooting | Adding FortiGate CA Certificate to Windows 10

PANOS - Configuring OSPF and Default Route Advertisement

I have a very modest lab setup and have been putting the PAN-VM 100 to the test. In this case, I have 2 firewalls set up to handle the internet of the internal VMs in my lab. Here is a quick snapshot of all the junk I have been running. So I decided that I want to use the PANVM as my primary internet, due to some limitations of speed with the ASA5506X (Only 250Mbps) - I’m currently running a 1Gbps internet for the lab so I wanted to make sure I could use all my bandwidth! (I want my money and I want it now!!)

Palo Alto Networks - PCNSE Certification Part 6: Basic Configuration (Destination NAT and Security Policy)

The last post was very long and a bit crazy all over the place, but here we are continuing with it. To illustrate how to create a destination NAT, we will be opening FTP to one of our DMZ servers, so let's get started. Create Object: Under Objects -> Services we will create our new FTP Object. Destination NAT Policy: We are pretty much following the same flow we initially followed when we were playing with the Source NAT Policies, with a few minor changes that will make sense

Palo Alto Networks - PCNSE Certification Part 3: Basic Configuration (Admin Roles)

So I continue my journey to get this cert. I think I have procrastinated for too long and I need to get back to learning all the ins and outs of the technology. Again, this certification is very heavy on configuration, HA concepts and maybe scattered between all their main Objectives. We are going to get working with Initial Configuration. Admin Roles: Like any other appliance out there, you have the ability to create different Admin roles and different permissions based on their job function

Palo Alto Networks - PCNSE Certification Part 4: Basic Configuration (Interfaces)

This quick lab is going to be about creating Zones, assigning them to interfaces, and Management Interface configuration. Creating a Zone: We will create the Outside Zone, adding a name and selecting the type. Nothing fancy, but later in the lab we will use it and go through configuring more features. Create an Interface Management Profile: We are going to quickly create a Management profile and assign it to an interface

Palo Alto Networks - PCNSE Certification Part 5: Basic Configuration (Security Policies, source NAT)

Create Tags: One thing that I really appreciate from PANOS is the introduction of tags; they are very handy when you are looking for policies, objects and many different things in your firewall. I know many of you out there appreciate the feature. Tags are color-coded labels and enable you to group, sort, and filter objects using keywords or phrases. Tags can be applied to Address objects, Address Groups (static and dynamic), services, Service Groups, and policy rules. Tags can be assigned a color that makes the results of a search easier to find in the web interface.