Handbook

6.0.0

General considerations

  1. As the first step on a new deployment, review default settings such as administrator passwords, certificates for GUI and SSL VPN access, SSH keys, open administrative ports on interfaces, and default firewall policies. As soon as the FortiGate is connected to the internet, it is exposed to external risks such as unauthorized access, man-in-the-middle attacks, spoofing, DoS attacks, and other activity from malicious actors. Either use the startup wizard or manually reconfigure the default settings so that the network is secured from the beginning.

  2. NAT mode is preferred for security purposes. NAT mode policies hide addresses in a more secure zone from users in a less secure zone by translating them to a NATed IP address or an address from an IP pool. This layer of obfuscation prevents malicious actors on the internet from learning the IP addresses of resources in your LAN and DMZ.

  3. Use virtual domains (VDOMs) to group related interfaces or VLAN subinterfaces. Using VDOMs partitions networks and adds security by limiting the scope of threats.

  4. Use transparent mode when a network is complex and does not allow for changes in the IP addressing scheme.
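
As an added example (not Fortinet's code), the following Python checks one item from step 1, open administrative ports on interfaces, against a configuration backup. It assumes the backup uses the FortiOS `config system interface` / `set allowaccess` syntax and marks internet-facing ports with `set role wan`; the sample backup, function names, and finding texts are constructed for illustration.

```python
CLEARTEXT = {"http", "telnet"}       # administrative protocols without encryption
ENCRYPTED_MGMT = {"https", "ssh"}    # acceptable internally, risky on a WAN port

# Constructed sample backup, not taken from a real device.
SAMPLE_BACKUP = """\
config system interface
    edit "wan1"
        set allowaccess ping https ssh http
        set role wan
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal"
        set allowaccess ping https ssh telnet
        set role lan
    next
end
"""

def parse_interfaces(text):
    """Return {interface: {option: [values]}} from `config system interface`."""
    interfaces, current, depth, in_section = {}, None, 0, False
    for raw in text.splitlines():
        words = raw.split() or [""]
        if words[0] == "config":
            if depth == 0:
                in_section = words[1:] == ["system", "interface"]
            depth += 1
        elif words[0] == "end":
            depth -= 1
        elif in_section and depth == 1:  # skip nested blocks such as `config ipv6`
            if words[0] == "edit":
                current = interfaces.setdefault(words[1].strip('"'), {})
            elif words[0] == "set" and current is not None:
                current[words[1]] = [w.strip('"') for w in words[2:]]
    return interfaces

def audit_admin_access(text):
    """List (interface, protocol, reason) for risky administrative access."""
    findings = []
    for name, opts in parse_interfaces(text).items():
        access = set(opts.get("allowaccess", []))
        findings += [(name, p, "cleartext admin protocol") for p in sorted(access & CLEARTEXT)]
        wan = access & ENCRYPTED_MGMT if opts.get("role") == ["wan"] else set()
        findings += [(name, p, "admin service on WAN interface") for p in sorted(wan)]
    return findings

if __name__ == "__main__":
    for finding in audit_admin_access(SAMPLE_BACKUP):
        print(*finding, sep=": ")
```

Each finding is a candidate for review, not automatically a misconfiguration: an interface may legitimately need HTTPS or SSH access when it is restricted by other controls.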
