IronMan
Explorer
January 15, 2025
Question

New FortiGate Setup - Creating Firewall Policies


I have a FortiGate 101F that I just set up and I created a few policies like in the image below.

Everything is working but can someone check if I've done it right?

Internal LAN is our network switch/access point, Maxis-Internet is our internet line.

Have I done the security profiles correctly?

We're not subscribed to AntiVirus, so that's why it's not in the Internet policy, but somehow there's a basic one for Internal.

Screenshot 2025-01-15 151201.png

3 replies

AEK
SuperUser
January 15, 2025

You may add an application control profile to deny unwanted applications.

AEK
IronMan
Explorer
January 15, 2025

I'll do that too.

But the firewall configuration part is done right? As in my current setup will prevent attacks to the network?

AEK
SuperUser
January 15, 2025

With this initial config you have covered a large part of the attack surface.

Other extra tuning may be done (like deep inspection) to block more attacks.

AEK
sw2090
SuperUser
January 15, 2025

Your second policy will never be hit because traffic from port2 to port2 is within one subnet and will not hit the firewall.

vbandha
Staff
January 15, 2025

Hello @IronMan 

You can also set up an IPv4 DoS policy to protect against DoS attacks to your network:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-IPv4-DOS-policy/ta-p/189653

Regards,

Varun