Necron99
New Contributor

Two Tier / Dual Firewall design and best practices

Not sure what forum this belongs in so please move if this isn't the right place.

 

Looking for any articles, cookbook recipes, papers, thoughts, etc. on FortiGate best practices for two tier setups. One set will be FortiGate(s), but the other has to be another brand due to HITRUST.

 

Topology considerations: physical, virtual, hybrid p-v?

Modes: NAT/Route, Transparent, hybrid?

Networking: 10Gb Layer2/3 switch, use L3 on switch?

 

Thanks for any help!

 

emnoc
Esteemed Contributor III

suggestions and thoughts

 

1: You need to engage a partner

 

2: HITRUST cert does not require two vendors; you should get a consultant in HITRUST assessment and compliance guidelines

 

3: Your requirements should include what UTM features would drive your hardware devices and types

 

4: I doubt a cookbook exists

 

PCNSE 

NSE 

StrongSwan  

Necron99
New Contributor

1: Maybe. I was really just looking for people who have been through this setup and see what experiences they could relate when they lived through their environment.

 

2: That is what our HITRUST auditor told us although I am getting information second hand. I questioned this myself but I will specifically ask to see the requirement now. I really don't think two tier setup is necessary.

 

3: Understood.

 

4: Figured but thought I would ask.

 

Thanks.

emnoc
Esteemed Contributor III

FWIW: Auditors like to spew a lot of "his/her opinions"; have them provide the compliance regulator paragraph/section.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

Necron99
New Contributor

Well, the best answer for 2. is it depends. Most companies will not need a two tier setup.

 

However, we are classified as a Tier 4 by NIST CSF which is what HITRUST uses. So yes, my company has a regulatory requirement for a two tier firewall setup anywhere we choose to have an Internet access point.
