Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Related Videos

Fortinet Security Fabric 6.0.0 Series - Part 1: Introduction

  • 6,636 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 2: Asset Tagging

  • 1,476 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 3: Compromised Hosts Management

  • 854 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 4: Connectors

  • 1,163 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 5: SSO and Identity Connectors

  • 1,214 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 6: Automation

  • 1,105 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 7: Automation: AWS Lambda and Gener

  • 772 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 8: Security Rating

  • 1,484 views
  • 2 years ago

Cookbook

Download PDF
Copy Link

Adding security profiles (optional)

The Security Fabric allows you to distribute security profiles to different FortiGates in your network, which can lessen the workload of each device and avoid creating bottlenecks. For example, you can implement antivirus scanning on Edge while the ISFW FortiGates apply application control and web filtering.

This results in distributed processing between the FortiGates in the Security Fabric, which reduces the load on each one. It also allows you to customize the web filtering and application control for the specific needs of the Accounting network since other internal networks may have different application control and web filtering requirements.

This configuration may result in threats getting through Edge, which means you should very closely limit access to the network connections between the FortiGates in the network.

  1. To edit the policy that allows traffic from Accounting to the Internet, connect to Edge and go to Policy & Objects > IPv4 Policy.

  2. Under Security Profiles, enable AntiVirus and select the default profile.

  3. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

    Note

    Using the deep-inspection profile may cause certificate errors.

  4. Do the same for the policy that allows traffic from Marketing to the Internet.

  5. To edit the policy that allows traffic from the Accounting network to Edge, connect to Accounting and go to Policy & Objects > IPv4 Policy.

  6. Under Security Profiles, enable Web Filter and Application Control. Select the default profile for both.

  7. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

  8. Repeat this step for both Marketing and Sales.

Related Videos

Fortinet Security Fabric 6.0.0 Series - Part 1: Introduction

  • 6,636 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 2: Asset Tagging

  • 1,476 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 3: Compromised Hosts Management

  • 854 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 4: Connectors

  • 1,163 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 5: SSO and Identity Connectors

  • 1,214 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 6: Automation

  • 1,105 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 7: Automation: AWS Lambda and Gener

  • 772 views
  • 2 years ago

Fortinet Security Fabric 6.0.0 Series - Part 8: Security Rating

  • 1,484 views
  • 2 years ago

Adding security profiles (optional)

The Security Fabric allows you to distribute security profiles to different FortiGates in your network, which can lessen the workload of each device and avoid creating bottlenecks. For example, you can implement antivirus scanning on Edge while the ISFW FortiGates apply application control and web filtering.

This results in distributed processing between the FortiGates in the Security Fabric, which reduces the load on each one. It also allows you to customize the web filtering and application control for the specific needs of the Accounting network since other internal networks may have different application control and web filtering requirements.

This configuration may result in threats getting through Edge, which means you should very closely limit access to the network connections between the FortiGates in the network.

  1. To edit the policy that allows traffic from Accounting to the Internet, connect to Edge and go to Policy & Objects > IPv4 Policy.

  2. Under Security Profiles, enable AntiVirus and select the default profile.

  3. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

    Note

    Using the deep-inspection profile may cause certificate errors.

  4. Do the same for the policy that allows traffic from Marketing to the Internet.

  5. To edit the policy that allows traffic from the Accounting network to Edge, connect to Accounting and go to Policy & Objects > IPv4 Policy.

  6. Under Security Profiles, enable Web Filter and Application Control. Select the default profile for both.

  7. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

  8. Repeat this step for both Marketing and Sales.