Fortinet black logo

Cookbook

Adding security profiles (optional)

Copy Link
Copy Doc ID a4a06ec3-12a7-11e9-b86b-00505692583a:249061
Download PDF

Adding security profiles (optional)

The Security Fabric allows you to distribute security profiles to different FortiGates in your network, which can lessen the workload of each device and avoid creating bottlenecks. For example, you can implement antivirus scanning on Edge while the ISFW FortiGates apply application control and web filtering.

This results in distributed processing between the FortiGates in the Security Fabric, which reduces the load on each one. It also allows you to customize the web filtering and application control for the specific needs of the Accounting network since other internal networks may have different application control and web filtering requirements.

This configuration may result in threats getting through Edge, which means you should very closely limit access to the network connections between the FortiGates in the network.

  1. To edit the policy that allows traffic from Accounting to the Internet, connect to Edge and go to Policy & Objects > IPv4 Policy.

  2. Under Security Profiles, enable AntiVirus and select the default profile.

  3. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

    Note

    Using the deep-inspection profile may cause certificate errors.

  4. Do the same for the policy that allows traffic from Marketing to the Internet.

  5. To edit the policy that allows traffic from the Accounting network to Edge, connect to Accounting and go to Policy & Objects > IPv4 Policy.

  6. Under Security Profiles, enable Web Filter and Application Control. Select the default profile for both.

  7. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

  8. Repeat this step for both Marketing and Sales.

Related Videos

sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 1: Introduction

  • 7,615 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 2: Asset Tagging

  • 1,672 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 3: Compromised Hosts Management

  • 880 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 4: Connectors

  • 1,339 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 5: SSO and Identity Connectors

  • 1,358 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 6: Automation

  • 1,379 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 7: Automation: AWS Lambda and Gener

  • 865 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 8: Security Rating

  • 1,839 views
  • 5 years ago

Adding security profiles (optional)

The Security Fabric allows you to distribute security profiles to different FortiGates in your network, which can lessen the workload of each device and avoid creating bottlenecks. For example, you can implement antivirus scanning on Edge while the ISFW FortiGates apply application control and web filtering.

This results in distributed processing between the FortiGates in the Security Fabric, which reduces the load on each one. It also allows you to customize the web filtering and application control for the specific needs of the Accounting network since other internal networks may have different application control and web filtering requirements.

This configuration may result in threats getting through Edge, which means you should very closely limit access to the network connections between the FortiGates in the network.

  1. To edit the policy that allows traffic from Accounting to the Internet, connect to Edge and go to Policy & Objects > IPv4 Policy.

  2. Under Security Profiles, enable AntiVirus and select the default profile.

  3. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

    Note

    Using the deep-inspection profile may cause certificate errors.

  4. Do the same for the policy that allows traffic from Marketing to the Internet.

  5. To edit the policy that allows traffic from the Accounting network to Edge, connect to Accounting and go to Policy & Objects > IPv4 Policy.

  6. Under Security Profiles, enable Web Filter and Application Control. Select the default profile for both.

  7. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

  8. Repeat this step for both Marketing and Sales.