"Firewall concepts" explains the ideas behind the components, techniques and processes that are involved in setting up and running a firewall in general, and the FortiGate firewall in particular. Regardless of how experienced someone is with firewalls, as they go through the process of configuring a firewall new to them they are likely to come across a term or setting that they may not be familiar with. FortiGate firewalls are quite comprehensive and can be very granular in the functions they perform, so it makes sense to have a consistent frame of reference for the ideas we will be working with.
Some examples of the concepts that will be addressed here are:
- "What is a Firewall?"
"Firewall objects" describes the following:
- Firewall Policies
"Network defense" describes various methods of defending your network using the abilities of the FortiGate firewall.
"GUI and CLI - what you may not know" helps you navigate and find the components in the Web-based Manager that you will need to build the functions. This section does not include any in-depth explanations of what each object does as that is covered in the concepts section. This section is for showing you where you need to input your information and letting you know what format the interface expects to get that information
"Building firewall objects and policies" is similar to a cookbook in that it will refer to a number of common tasks that you will likely perform to get the full functionality out of your FortiGate firewall. Because of the way that firewalls are designed, performing many of the tasks requires that firewall components be set up in a number of different sections of the interface and be configured to work together to achieve the desired result. This section will bring those components together as a straight forward series of instructions.
"Multicast forwarding" is a reference guide including the concepts and examples that are involved in the use of multicast addressing and policy forwarding as it is used in the FortiGate firewall.
FortiGate Firewall Components
The FortiGate firewall is made up of a number of different components that are used to build an impressive list of features. These features have flexibility of scope and granularity of control that provide protection far beyond that provided by the basic firewalls of the past.
Some of the components that FortiOS uses to build features are:
- Soft switches
- Predefined addresses
- IP address-based
- Access schedules
- Local user-based
- Authentication server-based (Active Directory, RADIUS, LDAP)
- Configurable services
- IPv4 and IPv6 protocol support
The features of FortiOS include but are not limited to:
- Security profiles, sometimes referred to as Unified Threat Management (UTM) or Next Generation Firewall (NGFW)
- Predefined firewall addresses (this includes IPv4 and IPv6, IP pools, wildcard addresses and netmasks, and geography-based addresses)
- Monitoring traffic
- Traffic shaping and per-IP traffic shaping (advanced)
- Firewall schedules
- Services (such as AOL, DHCP and FTP)
- Logging traffic
- Quality of Service (QoS)
- Identity-based policies
- Endpoint security
The "Firewall concepts" expand on what each of the features does and how they relate to the administration of the FortiGate firewall. The section will also try to explain some of the common firewall concepts that will be touched on in the implementing of these features.
"Building firewall objects and policies" shows how to perform specific tasks with the FortiGate firewall.