Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Related Videos

Fortinet Security Fabric 6.0.0 Series - Part 1: Introduction

  • 6,284 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 2: Asset Tagging

  • 1,385 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 3: Compromised Hosts Management

  • 850 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 4: Connectors

  • 1,098 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 5: SSO and Identity Connectors

  • 1,133 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 6: Automation

  • 1,033 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 7: Automation: AWS Lambda and Gener

  • 729 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 8: Security Rating

  • 1,326 views
  • 1 years ago

Cookbook

Download PDF
Copy Link

Adding security profiles (optional)

The Security Fabric allows you to distribute security profiles to different FortiGates in your network, which can lessen the workload of each device and avoid creating bottlenecks. For example, you can implement antivirus scanning on Edge while the ISFW FortiGates apply application control and web filtering.

This results in distributed processing between the FortiGates in the Security Fabric, which reduces the load on each one. It also allows you to customize the web filtering and application control for the specific needs of the Accounting network since other internal networks may have different application control and web filtering requirements.

This configuration may result in threats getting through Edge, which means you should very closely limit access to the network connections between the FortiGates in the network.

  1. To edit the policy that allows traffic from Accounting to the Internet, connect to Edge and go to Policy & Objects > IPv4 Policy.

  2. Under Security Profiles, enable AntiVirus and select the default profile.

  3. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

    Note

    Using the deep-inspection profile may cause certificate errors.

  4. Do the same for the policy that allows traffic from Marketing to the Internet.

  5. To edit the policy that allows traffic from the Accounting network to Edge, connect to Accounting and go to Policy & Objects > IPv4 Policy.

  6. Under Security Profiles, enable Web Filter and Application Control. Select the default profile for both.

  7. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

  8. Repeat this step for both Marketing and Sales.

Related Videos

Fortinet Security Fabric 6.0.0 Series - Part 1: Introduction

  • 6,284 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 2: Asset Tagging

  • 1,385 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 3: Compromised Hosts Management

  • 850 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 4: Connectors

  • 1,098 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 5: SSO and Identity Connectors

  • 1,133 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 6: Automation

  • 1,033 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 7: Automation: AWS Lambda and Gener

  • 729 views
  • 1 years ago

Fortinet Security Fabric 6.0.0 Series - Part 8: Security Rating

  • 1,326 views
  • 1 years ago

Adding security profiles (optional)

The Security Fabric allows you to distribute security profiles to different FortiGates in your network, which can lessen the workload of each device and avoid creating bottlenecks. For example, you can implement antivirus scanning on Edge while the ISFW FortiGates apply application control and web filtering.

This results in distributed processing between the FortiGates in the Security Fabric, which reduces the load on each one. It also allows you to customize the web filtering and application control for the specific needs of the Accounting network since other internal networks may have different application control and web filtering requirements.

This configuration may result in threats getting through Edge, which means you should very closely limit access to the network connections between the FortiGates in the network.

  1. To edit the policy that allows traffic from Accounting to the Internet, connect to Edge and go to Policy & Objects > IPv4 Policy.

  2. Under Security Profiles, enable AntiVirus and select the default profile.

  3. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

    Note

    Using the deep-inspection profile may cause certificate errors.

  4. Do the same for the policy that allows traffic from Marketing to the Internet.

  5. To edit the policy that allows traffic from the Accounting network to Edge, connect to Accounting and go to Policy & Objects > IPv4 Policy.

  6. Under Security Profiles, enable Web Filter and Application Control. Select the default profile for both.

  7. SSL Inspection is enabled by default. Set it to the deep-inspection profile.

  8. Repeat this step for both Marketing and Sales.