Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Related Videos

sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 1: Introduction

  • 7,145 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 2: Asset Tagging

  • 1,583 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 3: Compromised Hosts Management

  • 859 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 4: Connectors

  • 1,246 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 5: SSO and Identity Connectors

  • 1,287 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 6: Automation

  • 1,235 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 7: Automation: AWS Lambda and Gener

  • 810 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 8: Security Rating

  • 1,637 views
  • 2 years ago

Cookbook

Download PDF
Copy Link

Adding security profiles (optional)

The Security Fabric allows you to distribute security profiles to different FortiGates in your network, which can lessen the workload of each device and avoid creating bottlenecks. For example, you can implement antivirus scanning on Edge while the ISFW FortiGates apply application control and web filtering.

This results in distributed processing between the FortiGates in the Security Fabric, which reduces the load on each one. It also allows you to customize the web filtering and application control for the specific needs of the Accounting network since other internal networks may have different application control and web filtering requirements.

This configuration may result in threats getting through Edge, which means you should very closely limit access to the network connections between the FortiGates in the network.

  1. To edit the policy that allows traffic from Accounting to the Internet, connect to Edge and go to Policy & Objects > IPv4 Policy.

  2. Under Security Profiles, enable AntiVirus and select the default profile.

  3. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

    Note

    Using the deep-inspection profile may cause certificate errors.

  4. Do the same for the policy that allows traffic from Marketing to the Internet.

  5. To edit the policy that allows traffic from the Accounting network to Edge, connect to Accounting and go to Policy & Objects > IPv4 Policy.

  6. Under Security Profiles, enable Web Filter and Application Control. Select the default profile for both.

  7. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

  8. Repeat this step for both Marketing and Sales.

Related Videos

sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 1: Introduction

  • 7,145 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 2: Asset Tagging

  • 1,583 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 3: Compromised Hosts Management

  • 859 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 4: Connectors

  • 1,246 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 5: SSO and Identity Connectors

  • 1,287 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 6: Automation

  • 1,235 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 7: Automation: AWS Lambda and Gener

  • 810 views
  • 2 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 8: Security Rating

  • 1,637 views
  • 2 years ago

Adding security profiles (optional)

The Security Fabric allows you to distribute security profiles to different FortiGates in your network, which can lessen the workload of each device and avoid creating bottlenecks. For example, you can implement antivirus scanning on Edge while the ISFW FortiGates apply application control and web filtering.

This results in distributed processing between the FortiGates in the Security Fabric, which reduces the load on each one. It also allows you to customize the web filtering and application control for the specific needs of the Accounting network since other internal networks may have different application control and web filtering requirements.

This configuration may result in threats getting through Edge, which means you should very closely limit access to the network connections between the FortiGates in the network.

  1. To edit the policy that allows traffic from Accounting to the Internet, connect to Edge and go to Policy & Objects > IPv4 Policy.

  2. Under Security Profiles, enable AntiVirus and select the default profile.

  3. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

    Note

    Using the deep-inspection profile may cause certificate errors.

  4. Do the same for the policy that allows traffic from Marketing to the Internet.

  5. To edit the policy that allows traffic from the Accounting network to Edge, connect to Accounting and go to Policy & Objects > IPv4 Policy.

  6. Under Security Profiles, enable Web Filter and Application Control. Select the default profile for both.

  7. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

  8. Repeat this step for both Marketing and Sales.