Fortinet black logo

Cookbook

Home FortiGate / FortiOS 5.6.0 Cookbook

(Optional) Adding security profiles to the Security Fabric

5.6.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.0
6.0.0
5.6.0
5.4.0
Copy Link
Copy Doc ID 4d801240-7ccc-11e9-81a4-00505692583a:301050
Download PDF

(Optional) Adding security profiles to the Security Fabric

Security Fabric allows you to distribute security profiles to different FortiGates in your network, which can lessen the workload of each device and avoid creating bottlenecks. For example, you can implement antivirus scanning on External while the ISFW FortiGates apply application control and web filtering.

This results in distributed processing between the FortiGates in the Security Fabric, which reduces the load on each one. It also allows you to customize the web filtering and application control for the specific needs of the Accounting network as other internal networks may have different application control and web filtering requirements.

This configuration might result in threats getting through External so you should very closely limit access to the network connections between the FortiGates in the network.

  1. On External, go to Policy & Objects > IPv4 Policy and edit the policy allowing traffic from Accounting to the Internet.

    Under Security Profiles, enable AntiVirus and select the default profile.

    Do the same for the policy allowing traffic from Marketing to the Internet.

  2. On Accounting, go to Policy & Objects > IPv4 Policy and edit the policy allowing traffic from the Accounting network to the Internet.

    Under Security Profiles, enable Web Filter and Application Control, and select the default profiles for both.

    Repeat this step for both Marketing and Sales.

Previous
Next

(Optional) Adding security profiles to the Security Fabric

Security Fabric allows you to distribute security profiles to different FortiGates in your network, which can lessen the workload of each device and avoid creating bottlenecks. For example, you can implement antivirus scanning on External while the ISFW FortiGates apply application control and web filtering.

This results in distributed processing between the FortiGates in the Security Fabric, which reduces the load on each one. It also allows you to customize the web filtering and application control for the specific needs of the Accounting network as other internal networks may have different application control and web filtering requirements.

This configuration might result in threats getting through External so you should very closely limit access to the network connections between the FortiGates in the network.

  1. On External, go to Policy & Objects > IPv4 Policy and edit the policy allowing traffic from Accounting to the Internet.

    Under Security Profiles, enable AntiVirus and select the default profile.

    Do the same for the policy allowing traffic from Marketing to the Internet.

  2. On Accounting, go to Policy & Objects > IPv4 Policy and edit the policy allowing traffic from the Accounting network to the Internet.

    Under Security Profiles, enable Web Filter and Application Control, and select the default profiles for both.

    Repeat this step for both Marketing and Sales.

Previous
Next