Hi,
When I build up a 2-stage firewall (edge + internal) entirely with FortiGate (I know you should use 2 manufacturers), and the internet connection terminates on the edge firewall, which services (and licensing) are you using on the internal firewall? Do you also do webfilter on the internal firewall, or do you use the security profiles only on the edge firewall?
Mark
Hi markbo,
You can configure webfilter and app control only on the edge firewall, and you can take the license only on the edge firewall for webfilter and app control, since double scanning of web traffic and applications is not required.
But for AV and IPS it is recommended to take licenses on both firewalls (edge & core). You can implement AV and IPS on both firewalls, since virus transmission can also happen in internal-to-internal traffic.
Please let me know if you have any further queries.
Hey Mark,
as Salon mentioned:
- it makes sense to have webfiltering on edge firewalls, as webfiltering deals with outbound user traffic
- other features such as AntiVirus, AntiSpam and IPS would also be suitable for internal firewalls
-> to isolate internal networks from each other
-> to prevent any malicious traffic/attack/whatever from spreading that somehow originated inside your network (like an infected USB drive for example)
For Application Control, you can consider if you also need to monitor/block application traffic in your internal network (for example VNC or TeamViewer or RDP) and whether it makes more sense to leverage this at the edge; you might want to apply Application Control both internally and at the edge.
We have a white paper on internal firewalls: https://www.fortinet.com/content/dam/fortinet/assets/white-papers/wp-protecting-your-network-from-th...
This might give you a good idea of what you want to set on your internal firewall to prevent any breach from spreading.
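The split discussed in the replies (webfilter and app control at the edge, AV and IPS on both tiers) can be checked against an exported `config firewall policy` block. This is an added example, not part of the thread and not Fortinet tooling; the sample policies, interface names and the `REQUIRED` mapping are assumptions constructed for illustration (add `application-list` to the internal set if you also run app control internally).

```python
import re

# Assumed mapping of firewall role -> profile keys every accept policy should carry.
REQUIRED = {
    "edge": {"webfilter-profile", "application-list", "av-profile", "ips-sensor"},
    "internal": {"av-profile", "ips-sensor"},
}

# Constructed sample of an internal firewall's policy export (not from a real device).
SAMPLE_INTERNAL = """
config firewall policy
    edit 10
        set srcintf "vlan10"
        set dstintf "vlan20"
        set action accept
        set utm-status enable
        set av-profile "default"
        set ips-sensor "default"
    next
    edit 11
        set srcintf "vlan20"
        set dstintf "vlan30"
        set action accept
        set utm-status enable
        set av-profile "default"
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {key: value}} parsed from edit/set/next lines."""
    policies, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"edit (\d+)$", line):
            current = policies.setdefault(int(m.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return policies

def audit(text, role):
    """Map policy id -> sorted missing profile keys, for accept policies only."""
    missing = {pid: sorted(REQUIRED[role] - set(p))
               for pid, p in parse_policies(text).items() if p.get("action") == "accept"}
    return {pid: keys for pid, keys in missing.items() if keys}

if __name__ == "__main__":
    print(audit(SAMPLE_INTERNAL, "internal"))
```

Policies without `set action accept` are skipped, since traffic they drop never reaches a security profile.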
Copyright 2024 Fortinet, Inc. All Rights Reserved.