Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiConnect
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGuard
- FortiGate Cloud
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiPhish
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Best Practices For Fortigate In School Setting
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Best Practices For Fortigate In School Setting
I am going to be installing a Fortigate in a small secondary school. Can you guys give me a rundown of tips and best practices for content filtering in this environment?
I would love to get a list of recommended config options along with instructions on how to set it up.
Setting up filtering for a school seems like a bigger challenge as opposed to setting them up for a business which is where most of my experience with Fortigate is.
Thanks!
Solved! Go to Solution.
Labels:
- Labels:
-
5.2
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Our company deals exclusively with the education market. While we remain vendor agnostic, I'm a big fan of the FortiGate - and several of Fortinet's products - in an educational setting and I recommend them whenever I think they're appropriate.
Here's an abbreviated version (focusing on content filtering) of our internal guide:
First and foremost, we always speak to administration about their needs and expectations. We also explain the practical limitations of the device and try to temper expectations. Suffice it to say, there have been many times when administrators have come to us in a panic: "How were students able to get onto this inappropriate site? We just spent $xx,xxx on this device, isn't it supposed to block everything?" Conversely, we deal with many schools who don't mind certain sites being accessible by students that others would want blocked. We use administration's guidance to build our content filtering policies.
Second, we always establish a logical organizational map of user groups and who should have access to what. We will use this for our group mapping.
Third, and this is optional, we recommend to our client that they have some sort of client management/MDM solution in place. While this doesn't directly affect perimeter security and content filtering, it's especially useful for distributing certificates when enabling deep SSL inspections. If you're a homogenous Windows environment, you can get by pretty well with GPOs. Likewise, you can do basic certificate pushes with Apple's Profile Manager for your Macs.
Fourth, we find out how users are accessing the network and determine how we will identify them. By now, we have created our groups in the FortiGate and mapped them accordingly to our LDAP environment.
For Windows clients bound to AD, you can have the FortiGate poll your domain controllers or retrieve logon info from the aggregate collector on a Windows machine that can be configured to either poll your DCs or install an agent. You may not like the idea of an agent on your domain controllers, so polling should suffice in many cases. We also found that polling is a must if you have Mac clients.
For clients connecting wirelessly and authenticating via RADIUS, enable the RSSO collector agent on the FortiGate (and configure the groups accordingly) and have your RADIUS server forward accounting packets to it. This works just fine with Microsoft's NPS.
If you're connecting non-AD-bound wireless devices and aren't using RADIUS authentication but want to apply content filtering policies, you'll either need to register individual devices into groups (which becomes inefficient and unwieldy for all but the smallest environments) or create a VLAN for wireless devices and use the FortiGate as the VLAN's gateway with captive portal enabled. The idea is to have a user login mapped for every device that accesses the network whenever possible. Using FortiAPs for your wireless network can make this process somewhat easier, but this is not always realistic.
Lastly, and depending upon your needs, have a look at the FortiAuthenticator. Think of it as the "professional" version of the FortiGate's SSO/authentication features. For example, it allows for users to register their BYOD devices via a self-service portal.
Best of luck!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings from a teacher,
I work in a K-12 school and want to clarify how to work with allowed and disallowed lists. We need to have the same websites whitelisted for teachers, social workers and school staff and blocked for students. How can we do this? We're planning to use Fortinet FortiGate 60E.
_ _ _ Access path: Troubles creating custom datasets and separating data for students and educators listed website writemyessaytoday
- « Previous
-
- 1
- 2
- Next »
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks! That means a lot coming from you, Mike.
I'm a big believer in taking a holistic, big picture view before delving into the technological bits and wrote our internal guides to share this philosophy with our technicians and sales people. We'd like to see Fortinet make a bigger push into the educational space, as we could use some marketing muscle behind our own case studies and evaluations.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi guys,
Need your help..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings from a teacher,
I work in a K-12 school and want to clarify how to work with allowed and disallowed lists. We need to have the same websites whitelisted for teachers, social workers and school staff and blocked for students. How can we do this? We're planning to use Fortinet FortiGate 60E.
_ _ _ Access path: Troubles creating custom datasets and separating data for students and educators listed website writemyessaytoday
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to authenticate those aforementioned users in some way, so those users come to Fortigate identified already. Next you create different policies for each user group.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Installing a Fortigate in a small secondary school for content filtering is a smart move to ensure a secure and productive online environment for students and staff. Here are some tips and best practices to consider:
Understand School Policies and Requirements: Before configuring the Fortigate, ensure you have a clear understanding of the school's acceptable use policies, content filtering requirements, and any legal considerations regarding internet usage in educational institutions.
Granular Policy Creation: Utilize the Fortigate's capabilities to create granular content filtering policies based on user roles, groups, or specific requirements. This allows you to tailor internet access permissions according to different user categories, such as students, teachers, and administrators.
Block Malicious Content: Enable the Fortigate's built-in security features to block access to websites known for hosting malware, phishing, or other malicious content. This helps protect the school's network and devices from cybersecurity threats.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When setting up a Fortigate for content filtering in a small secondary school, there are a few key best practices to keep in mind. First, it’s essential to prioritize safeguarding students while maintaining an optimal learning environment. Begin by setting up web filtering policies tailored to education, using FortiGuard categories to block inappropriate content such as adult material, violence, or gambling, while allowing educational websites and resources. You can create specific filtering profiles for different user groups like students, teachers, and administrators, ensuring they have appropriate access based on their roles. SSL inspection is also critical to ensure that encrypted traffic is properly filtered—ensure this is configured correctly to avoid loopholes. Enable application control to prevent access to unauthorized applications like VPNs or peer-to-peer sharing tools that students might use to bypass filters. Implement Safe Search enforcement to restrict inappropriate search engine results, and configure logs and reporting tools to monitor traffic and identify any potential misuse or suspicious activity. Additionally, set bandwidth limits to ensure that critical applications (such as learning platforms) are prioritized over recreational or non-essential ones. Finally, ensure policies are updated regularly, keeping pace with new websites, applications, and security threats. Fortigate provides user-friendly interfaces for configuring these settings, and using the built-in wizards can simplify the process.
- « Previous
-
- 1
- 2
- Next »
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Radius Authentication with Dynamic VLAN Assignment 62 Views
- upgrade batch of FGT 6.4.6 to... 55 Views
- PPPoE MTU 64 Views
- TRAFFIC FORTIGATE OVER IPSEC 164 Views
- Fortiextender 120 Views
Labels
-
FortiGate
8,008 -
FortiClient
1,606 -
5.2
801 -
FortiManager
677 -
5.4
639 -
FortiAnalyzer
515 -
FortiSwitch
423 -
FortiAP
421 -
6.0
416 -
5.6
362 -
FortiClient EMS
362 -
FortiMail
300 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
187 -
SSL-VPN
174 -
FortiNAC
159 -
IPsec
154 -
6.4
128 -
FortiGuard
124 -
FortiGateCloud
98 -
FortiCloud Products
94 -
FortiSIEM
93 -
SD-WAN
88 -
FortiToken
86 -
Customer Service
74 -
Wireless Controller
74 -
FortiAuthenticator
68 -
4.0MR3
64 -
Firewall policy
53 -
FortiProxy
52 -
FortiEDR
50 -
Fortivoice
49 -
FortiADC
49 -
FortiExtender
43 -
VLAN
42 -
FortiDNS
41 -
High Availability
40 -
FortiSandbox
39 -
ZTNA
37 -
FortiGate v5.4
35 -
Routing
34 -
LDAP
34 -
FortiSwitch v6.4
33 -
DNS
33 -
BGP
32 -
SAML
31 -
Certificate
30 -
Interface
29 -
SSO
27 -
NAT
26 -
FortiConnect
25 -
Authentication
25 -
FortiWAN
24 -
FortiConverter
24 -
RADIUS
24 -
FortiGate v5.2
23 -
VDOM
23 -
FortiLink
22 -
Virtual IP
20 -
Web profile
20 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
Fortigate Cloud
18 -
Logging
18 -
FortiMonitor
16 -
Traffic shaping
16 -
Application control
16 -
FortiDDoS
15 -
FortiPAM
15 -
FortiGate v5.0
14 -
SSL SSH inspection
14 -
OSPF
13 -
FortiCASB
12 -
SSID
12 -
IP address management - IPAM
12 -
FortiManager v5.0
11 -
Automation
11 -
Admin
11 -
Static route
11 -
WAN optimization
11 -
Web application firewall profile
11 -
FortiRecorder
10 -
SNMP
10 -
4.0MR2
9 -
FortiSOAR
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiGate v4.0 MR3
8 -
FortiManager v4.0
8 -
FortiBridge
8 -
IPS signature
8 -
System settings
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
RMA Information and Announcements
7 -
Traffic shaping policy
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Security profile
6 -
Port policy
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Fabric connector
5 -
3.6
4 -
FortiDeceptor
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Antivirus profile
4 -
Traffic shaping profile
4 -
DLP sensor
4 -
Email filter profile
4 -
Web rating
4 -
Fortinet Engage Partner Program
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Netflow
3 -
Replacement messages
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
API
2 -
FortiNDR
2 -
Application signature
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
Service
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1 -
Cloud Management Security
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1468 | |
| 1006 | |
| 748 | |
| 443 | |
| 206 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.