Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Acceptance test procedure For FortiGate infrastructure.
Hi community, I am supporting a FortiGate infrastructure managing 36 FSW and several VPN tunnels. Could you help me finding what are the test I need to perform to certificate the system is stable before going to production?
Labels:
- Labels:
-
FortiGate
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Juan
Some suggestions (this is just overall):
Physical installation:
- Check proper rack mounting
- Clean cabling
- Cable category
- Labeling is ok and follows convention
- Power redundancy
- ...
Appliance configuration:
- Check firmware version is mature and recommended
- Firmware of FGT and FSW is the recommended in compatibility matrix
- Licensing
- NTP
- DNS
- Access to FortiGuard
- Signature updates
- Network interfaces
- SMTP config
- SNMP
- Syslog
- Mail notification
- Log settings and retention
- HA tests
- No existing alarm
- ...
Appliance hardening:
- Check if the latest patch of the used firmware version is installed
- SSL certificate for GUI access
- Trusted hosts enabled
- Password policy enabled
- Nominative users
- Users are assigned the right profiles
- Admin access is disabled on WAN interfaces and DMZ
- Any unused admin access protocol is disabled
- Strong cypher
- ...
Firewall policy:
- Check rules naming convention
- Rules are hardened (no any to any, no service any and so)
- Rules are using security profiles
- Logging enabled
- Test if attack is blocked by UTM
- Test if malware is blocked
- Perform all possible traffic tests (this will also test the network layer, routing and so)
- ...
VPN:
- Test SSL VPN connection
- IPsec VPN connection
- ...
AEK
AEK