Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Best FGT Security Template
Hello all,
I create this topic to improve the overall settings (Log, Security settings, etc) of Fortigate device.
The goal is to create some templates to push them to the device.
Some of these recommendation settings are coming from other post.
Hope there' s no copyright...
Feel free to add your comments, template, etc
DISK
------
config log disk setting
set maximum-log-age 180 (default 7 days...)
end
APPLICATION CONTROL TUNING
---------------------------------
config ips global
set algorithm high
set database extended
set ignore-session-bytes 524288
set session-limit-mode accurate
end
GUI SECURITY
---------------
config system global
set strong-crypto enable
end
LOG
----
config log setting
set fwpolicy-implicit-log enable
set log-invalid-packet enable
Regards,
HA
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HA this is good but one template for one org might not be the best for everybody.
e.g
set fwpolicy-implicit-log enable set log-invalid-packet enableI never do this as a regular action item. Even the later could impact the unit with excess logging of things I wouldn' t care to see or need. I think even fortinet had put out warning on logging invalid packets the impact in the past. just my 2cts
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan