Welcome and thank you for selecting Fortinet products for your network protection. This document is intended to provide the concepts and techniques that will be needed to configure the FortiGate firewall on your FortiGate unit.
Before you start administrating your FortiGate device, certain assumptions have been made in the writing of this manual:
- You have administrative access to the Web based GUI or to the Command Line Interface.
- The FortiGate unit is integrated into your network.
- The operation mode (NAT or Transparent) has been configured.
- Network Interfaces have been configured.
- DNS settings have been configured.
- The system time settings have been configured.
- Firmware is up to date.
- FortiGuard Service licences are current and the device is able to connect to the FortiGuard Servers.
- If you are using FortiCloud, it is properly configured.
How this Guide is Organized
This guide contains a number of different topic that, at its simplest, can be grouped into fundamental firewall topics such as policies, objects and network defense and topics that have to do with the optimization of the firewall such as WAN optimization, proxies and caching.
Firewall concepts explains the ideas behind the components, techniques and processes that are involved in setting up and running a firewall in general and the FortiGate firewall in particular. The premise here is that regardless of how experienced someone is with firewalls as they go through the process of configuring a firewall that is new to them they are likely to come across a term or setting that they may not be familiar with even if it is only in the context of the setting they are working in at the moment. FortiGate firewall are quite comprehensive and can be very granular in the functions that they perform, so it makes sense to have a consistent frame of reference for the ideas that we will be working with.
Some examples of the concepts that will be addressed here are:
- "What is a Firewall?"
"Firewall objects" describes the following firewall objects:
- Firewall Policies
Network defense describes various methods of defending your Network using the abilities of the FortiGate Firewall.
Object Configuration is similar to a cookbook in that it will refer to a number of common tasks that you will likely perform to get the full functionality out of your FortiGate firewall. Because of the way that firewall are designed, performing many of the tasks requires that firewall components be set up in a number of different sections of the interface and be configured to work together to achieve the desired result. This section will bring those components all together as a straight forward series of instructions.
FortiGate Firewall Components
The FortiGate firewall is made up of a number of different components that are used to build an impressive list of features that have flexibility of scope and granularity of control that provide protection that is beyond that provided by the basic firewalls of the past.
Some of the components that FortiOS uses to build features are:
- Soft Switches
- Predefined Addresses
- IP address based
- FQDN based
- Geography based
- Access Schedules
- Local User based
- Authentication Server based (Active Directory, Radius, LDAP)
- Device Based
- Configureable Services
- IPv4 and IPv6 protocol support
The features of FortiOS include but are not limited to:
- Security profiles, sometimes referred to as Unified Threat Management (UTM) or Next Generation Firewall (NGFW)
- Predefined firewall addresses (this includes IPv4 and IPv6, IP pools,. wildcard addresses and netmasks, and geography-based addresses)
- Monitoring traffic
- Traffic shaping and per-IP traffic shaping (advanced)
- Firewall schedules
- Services (such as AOL, DHCP and FTP)
- Logging traffic
- Quality of Service (QoS)
- Identity-based policies
- Endpoint security
There are a few different methodologies of optimization and most of these methodologies has been divided into:
- Concepts section - This will have the basic ideas behind the how and why of the topic. Because the number of topics is larger, the ideas are not as pervasive and the content is not so extensive as in the Fundamental section, some of the topics will include instructions on the configuration for that individual topic in order to keep the information fo granular topics together.
- Configuration section- Just like the Configuration section of the Fundamentals, this will be a cookbook style of documentation showing how to configure something that achieves a specific functionality from the FortiGate.
The optimization topics include:
- Secure Web Gateway, WAN Optimization, Web Caching and WCCP
- Example topologies relevant to WAN Optimization
- Inside FortiOS: WAN Optimization
- WAN Optimization Concepts
- WAN Optimization Configuration
- Peers and authentication groups
- Web Cache Concepts
- Web Cache Configuration
- WCCP Concepts
- WCCP Configuration
- Web Proxy Concepts
- Web Proxy Configuration
- Explicit Proxy Concepts
- Explicit Proxy Configuration
- Transparent Proxy Concepts
- Transparent Proxy Configuration
- FTP Proxy Concepts
- FTP Proxy Configuration
- Diagnose commands for WAN Optimization