FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes that owning and managing a FortiGate firewall requires a blend of understanding network security principles and knowing the nuances of the FortiGate platform. Here are the best practices for FortiGate admins.
Scope
FortiGate.
Solution
Initial Setup & Configuration:
Default Settings: Always change default login credentials upon first setup.
Firmware Updates: Regularly check for and apply firmware updates. Keeping the device updated ensures to have the latest security patches.
Backup Configuration: Always back up the configuration, especially before making changes or updates.
Policy Management:
Least Privilege: Always apply the principle of least privilege. Only allow what is explicitly needed.
Policy Order: Given that FortiGate processes policies top-down, arrange them with more specific policies at the top.
Clear Naming: Use clear and descriptive naming conventions for policies to easily understand their function.
Regular Review: Periodically review and prune any obsolete or overly permissive rules.
Network Management:
Segmentation: Use VLANs and zones to segment the network, limiting lateral movement in case of breaches.
Secure Admin Access: Use dedicated management interfaces or VLANs, limit access to these interfaces, and use strong, unique passwords.
Two-Factor Authentication (2FA): Implement 2FA for administrative access.
Restrict Administrative Access: Use Trust-host to only be able to connect from a certain source IP.
Disable Unused Features and Interfaces: Minimize potential vulnerabilities by disabling features and interfaces not in use to reduce the attack surface.
Enable Secure Communication: Administrators should prioritize the use of HTTPS and SSH instead of HTTP and Telnet for secure management access.
Monitoring & Logging:
Enable Logging: Ensure policies, especially those permitting access from outside, have logging enabled.
Log Retention: Define a log retention policy based on the organization's needs and local regulations.
Regular Review: Regularly review logs for any suspicious activity.
Integrate with SIEM: If there is a Security Information and Event Management (SIEM) solution, integrate it with the FortiGate.
Advanced Security Features:
Intrusion Prevention System (IPS): Activate IPS to detect and prevent known malicious activity.
SSL Inspection: Implement Deep SSL Inspection for policies where traffic is encrypted to inspect traffic for threats. Ensure to adhere to privacy regulations and company policies.
Application Control: Control which applications can be accessed or used within the network.
Sandbox: Use FortiSandbox to analyze unknown files and links from the internet.
Maintenance:
Regular Backups: Schedule regular backups of the configuration.
Test Failover: If there is a high availability set up, periodically test failover to ensure it functions as expected.
Document Changes: Maintain documentation on any significant changes, including reasons and results of the changes.
Training and Awareness:
Continuous Learning: The cybersecurity landscape is always evolving. Regularly update the knowledge about the latest threats and best practices.
Fortinet Resources: Utilize resources provided by Fortinet, such as their knowledge base, forums, and training modules.
Support and Community:
FortiCare: Consider getting a FortiCare support contract for timely assistance and hardware replacement options.
Fortinet Community: Participate in Fortinet’s community forums. The community is a valuable resource for troubleshooting and learning best practices.
Always ensure that the practices align with any regulatory or compliance needs of the industry or region. It is often beneficial to engage with cybersecurity experts or consultants to review the FortiGate configuration and practices periodically.
