NGFW Deployment

7.0.0

Deployment overview

This document covers Fortinet best practices for deploying a Next Generation Firewall (NGFW) in a small or medium business (SMB) environment. In this case, the customer environment is defined as:

  • A small-to-medium-sized business with 20 to 100 employees and several departments
  • Single location with a single WAN connection

The goals of the deployment are as follows:

  • Deploy one FortiGate at the network edge.
  • Segment the network for different departments. Only staff, engineering, and IT departments are specified for brevity.
  • Provide Next Generation Firewall security by leveraging the Unified Threat Management (UTM) features of the FortiGate.
  • Implement security policies for the company by applying appropriate security profiles to firewall policies.
  • Configure wireless networks to provide access to department-specific resources.

    Secure wireless networks by using WPA2-Enterprise authentication linked to users on a remote server.

  • Send FortiGate logs offsite to FortiGate Cloud.
  • Leverage FortiSandbox to inspect suspicious files that do not match any existing virus signatures.
  • Harden the FortiGate to restrict management access from external sources.

Intended audience

This guide is written primarily for a technical audience that may be new to configuring FortiGates. It assumes a greenfield scenario in which the FortiGate may be replacing an existing firewall but is being configured for the first time. Networking and security fundamentals are assumed. While best practices are applied, the administrator will need to customize the final configuration so that it meets the business's needs.

About this guide

The term NGFW describes the combination of traditional firewall features, such as stateful inspection, VPN, and packet filtering, with UTM features, such as anti-malware/virus, intrusion prevention, threat intelligence sources, and application awareness and control.

The deployment configuration detailed in this guide describes one way of configuring a FortiGate to provide security to small and medium businesses. The example is designed for a hypothetical company with typical security needs. The names of the VLANs and IP addresses are generic, and can be adapted for businesses with a different number of employees and departments.

The recommended configuration adheres to Fortinet security best practices and provides a base upon which administrators can add customizations and extensions to better match their needs when implementing additional technologies, such as SD-WAN, FortiSASE, and ZTNA.