This document provides an overview of the key features and capabilities of the FortiOS firewall, including policy management, network address translation (NAT), traffic support, hardware acceleration, identity-based policies, policy objects, and the policy table interface. Key capabilities include granular user and device-based policies, policy coloring and tagging, intelligent object searching, and hardware offloading for high performance packet processing.
4. Policy Table (Firewall)
Configurable column settings
Object coloring
Policy counters
Smart object search
Drag-and-drop policy rearrangement or moving objects
Direct object/policy edit with right click
5. Identity based Policy
User Identity based Security Policies
» Assign access policy and profiles to each User Group or User
Device Identity based Security Policies
» Assign access policy and profiles to each Device Type or Device Group
Diagram labels (user identity policy): User Group #1, User #1, User #2; UTM Profile #1, UTM Profile #2; Service Port #1, Service Port #2; DST #1, DST #2; SRC #1
Diagram labels (device identity policy): Device Group #1, Device Type #1, Device Type #2; UTM Profile #1, UTM Profile #2; Service Port #1, Service Port #2; DST #1, DST #2; SRC #1
6. Policy Management
Policy
Controls traffic as it traverses the device
» Interfaces, zones (groups of interfaces), VLANs and SSID segments
Components
» Firewall configuration
» NAT settings, traffic shaping settings
» Security instructions, e.g. scan for viruses, detect attacks, etc.
» Logging options
7. Policy Management
Source Types
Merged policies (IP, User & Device)
"AND" operation if more than one type of source is used (diagram: the source types joined by AND)
8. Policy Management
Policies are matched top-down. The policy table may consist of different policy types.
Example policy table from the slide ("-" marks an unset field; ✔ and ✗ are the slide's result marks), labels in the order they appear:
» User Group #1, User #1, User #2; UTM Profile #1, UTM Profile #2; Service Port #1, Service Port #2; DST #1, DST #2; IP #1, IP #1; -, Device Group #1; ✔, ✔
» -; -; Service Port #2; DST #1, DST #2; IP #1; -; ✗
» User #1, User #2; -; Service Port #2; DST #3; IP #3; Device Group #2; ✗
» User #1, User #2; -; Service Port #2; DST #3; IP #3; -; ✔
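Added example (not from the original slides and not FortiOS code): a simplified Python model of the two rules above, AND across the source types and top-down first match, with a check for rows that ordering makes unreachable. The table, addresses, user and device names are constructed, and the deny result for unmatched traffic is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = None  # criterion left unset ("-" in the slide's table): matches anything


@dataclass
class Policy:
    pid: int
    action: str                # "accept" or "deny"
    src: str                   # source network (CIDR)
    dst: str                   # destination network (CIDR)
    port: int
    users: frozenset = ANY     # optional user criterion
    devices: frozenset = ANY   # optional device criterion

    def matches(self, s):
        # Every source type that is set must match: IP AND user AND device.
        return (ip_address(s["src"]) in ip_network(self.src)
                and ip_address(s["dst"]) in ip_network(self.dst)
                and s["port"] == self.port
                and (self.users is ANY or s.get("user") in self.users)
                and (self.devices is ANY or s.get("device") in self.devices))


def evaluate(policies, session):
    """Top-down, first match wins; returns (policy id, action)."""
    for p in policies:
        if p.matches(session):
            return p.pid, p.action
    return 0, "deny"  # assumption: unmatched traffic is denied


def shadowed(policies):
    """Pairs (later id, earlier id) where the earlier row catches all the later row's traffic."""
    covers = lambda early, late: early is ANY or (late is not ANY and late <= early)
    return [(late.pid, early.pid)
            for i, late in enumerate(policies) for early in policies[:i]
            if (early.src, early.dst, early.port) == (late.src, late.dst, late.port)
            and covers(early.users, late.users) and covers(early.devices, late.devices)]


# Constructed table modelled on the last two rows of the slide: same IP, users,
# destination and service; the deny row additionally names a device group.
STAFF = frozenset({"user1", "user2"})
DENY_BYOD = Policy(4, "deny", "10.0.3.0/24", "192.0.2.0/24", 443, STAFF, frozenset({"tablet"}))
ALLOW_STAFF = Policy(5, "accept", "10.0.3.0/24", "192.0.2.0/24", 443, STAFF)
TABLE = [DENY_BYOD, ALLOW_STAFF]
SESSION = {"src": "10.0.3.7", "dst": "192.0.2.10", "port": 443, "user": "user1", "device": "tablet"}
```

Evaluating SESSION against TABLE hits the deny row first; with the two rows swapped the accept row wins and shadowed() reports the deny row as unreachable, which is the ordering mistake to look for when reviewing a mixed IP/user/device table.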
9. Policy Objects
FortiGuard GeoIP DB
» Distributed as FortiGuard Update; requires valid FortiCare contract
» Manual update required using CLI command
» GeoIP override is configurable
» Supports IPv6 addresses
11. H/W Acceleration
Diagram labels: Legacy Security Gateway Appliances; FortiGate with FortiASIC; CPU offload; Initial session setup; Instruction download
12. Contact us free of charge …
Certified experts in FortiMail and email security
Certified experts in FortiWeb and web application firewall protection
Certified experts in FortiAP, FortiWiFi and wireless security
CONTACTS
Tel. +39 049 8843198 DIGIT (5)
contacts@lanewan.it
www.lanewan.it
Over these years of partnership with the parent company, Lan & Wan Solutions has obtained all the specializations offered in the various certification tracks, reaching the qualification of Partner Of Excellence.