"Firewall concepts" explains the ideas behind the components, techniques and processes that are involved in setting up and running a firewall in general and the FortiGate firewall in particular. The premise here is that regardless of how experienced someone is with firewalls as they go through the process of configuring a firewall that is new to them they are likely to come across a term or setting that they may not be familiar with even if it is only in the context of the setting they are working in at the moment. FortiGate firewall are quite comprehensive and can be very granular in the functions that they perform, so it makes sense to have a consistent frame of reference for the ideas that we will be working with.
Some examples of the concepts that will be addressed here are:
- "What is a Firewall?"
"Firewall objects" describes the following firewall objects:
- Firewall Policies
"Network defense" describes various methods of defending your Network using the abilities of the FortiGate Firewall.
"GUI & CLI - What You May Not Know" helps you navigate and find the components in the Web-based Manager that you will need to build the functions. This section is does not include any in-depth explanations of what each object does as that is covered in the concepts section. This section is for showing you where you need to input your information and let you know what format the interface expects to get that information
"Building firewall objects and policies" is similar to a cookbook in that it will refer to a number of common tasks that you will likely perform to get the full functionality out of your FortiGate firewall. Because of the way that firewall are designed, performing many of the tasks requires that firewall components be set up in a number of different sections of the interface and be configured to work together to achieve the desired result. This section will bring those components all together as a straight forward series of instructions.
"Multicast forwarding" is a reference guide including the concepts and examples that are involved in the use of multicast addressing and policy forwarding as it is used in the FortiGate firewall.
FortiGate Firewall Components
The FortiGate firewall is made up of a number of different components that are used to build an impressive list of features that have flexibility of scope and granularity of control that provide protection that is beyond that provided by the basic firewalls of the past.
Some of the components that FortiOS uses to build features are:
- Soft Switches
- Predefined Addresses
- IP address based
- FQDN based
- Geography based
- Access Schedules
- Local User based
- Authentication Server based (Active Directory, Radius, LDAP)
- Device Based
- Configureable Services
- IPv4 and IPv6 protocol support
The features of FortiOS include but are not limited to:
- Security profiles, sometimes referred to as Unified Threat Management (UTM) or Next Generation Firewall (NGFW)
- Predefined firewall addresses (this includes IPv4 and IPv6, IP pools,. wildcard addresses and netmasks, and geography-based addresses)
- Monitoring traffic
- Traffic shaping and per-IP traffic shaping (advanced)
- Firewall schedules
- Services (such as AOL, DHCP and FTP)
- Logging traffic
- Quality of Service (QoS)
- Identity-based policies
- Endpoint security
The "Firewall concepts" expand on what each of the features does and how they relate to the administration of the FortiGate firewall. The section will also try to explain some of the common firewall concepts that will be touched on in the implementing of these features.
"Building firewall objects and policies" shows how to perform specific tasks with the FortiGate firewall.