Hello to all,
I would like to know your best practices and approaches for configuring firewall policies to be as restrictive as possible.
I want to restrict access as much as I can.
I think you get the point of what I want to achieve.
We already have something like that for our branch office, but I want to see if there are some better recommendations.
Also, I don't have a zoning concept. I don't know if granular restrictions can be a lot of work with zoning, since I'm going to have a few VLANs, etc.
This is an example of our branch office:
Like this, our firewall rules are getting larger and more difficult to manage (over 100 rules).
Best Regards,
Nemanja
You can achieve this by restricting access as much as possible and implementing granular firewall policies. The best approach is through measures such as giving users least privilege with application control, user authentication, role-based access control, granular firewall policies (create policies that allow specific clients to access specific servers on designated ports), logging and monitoring, etc. Hope this helps.
Hi Nemanja
Here are some recommendations:
Just adding to AEK's reply: you can check our best practices guide. I am pasting the link to the policies section, but you should check the other relevant sections as well.
https://docs.fortinet.com/document/fortigate/7.2.0/best-practices/862226/policies
Great to see that you are prioritizing security. It is recommended to use zones and naming conventions for clarity. AEK's suggestion on interface pairs is smart. Keep it granular and efficient. Check out the link shared by Nchandan for detailed best practices.
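To make the advice in the replies above concrete (zones with a naming convention, and policies that allow specific clients to reach specific servers on designated ports, all logged), here is an added FortiOS CLI example. It is not from this thread or from Fortinet's documentation; the interface names (vlan10, vlan20, vlan30), addresses, server roles and ports are assumptions for illustration.

```text
# Added example (assumed topology): two client VLANs and one server VLAN.
# Zones let policies reference "Z-CLIENTS" / "Z-SERVERS" instead of each VLAN
# interface, so adding a VLAN later means editing the zone, not every policy.
config system zone
    edit "Z-CLIENTS"
        set intrazone deny
        set interface "vlan10" "vlan20"
    next
    edit "Z-SERVERS"
        set intrazone deny
        set interface "vlan30"
    next
end

# Address objects: one per subnet or host, named by role (assumed addresses).
config firewall address
    edit "NET-VLAN10-STAFF"
        set subnet 10.10.10.0 255.255.255.0
    next
    edit "NET-VLAN20-FINANCE"
        set subnet 10.10.20.0 255.255.255.0
    next
    edit "HOST-SRV-FILE01"
        set subnet 10.10.30.10 255.255.255.255
    next
    edit "HOST-SRV-ERP01"
        set subnet 10.10.30.20 255.255.255.255
    next
end

# Group clients that share the same access needs, so one policy covers them.
config firewall addrgrp
    edit "GRP-ALL-CLIENTS"
        set member "NET-VLAN10-STAFF" "NET-VLAN20-FINANCE"
    next
end

# Service objects: only the ports actually required, never ALL.
config firewall service custom
    edit "SVC-SMB-445"
        set tcp-portrange 445
    next
    edit "SVC-ERP-8443"
        set tcp-portrange 8443
    next
end

# Policies: specific source -> specific destination on a specific service,
# with full traffic logging. "edit 0" lets FortiOS assign the next free ID.
config firewall policy
    edit 0
        set name "CLIENTS-to-FILE01-SMB"
        set srcintf "Z-CLIENTS"
        set dstintf "Z-SERVERS"
        set srcaddr "GRP-ALL-CLIENTS"
        set dstaddr "HOST-SRV-FILE01"
        set action accept
        set schedule "always"
        set service "SVC-SMB-445"
        set logtraffic all
    next
    edit 0
        set name "FINANCE-to-ERP01-HTTPS"
        set srcintf "Z-CLIENTS"
        set dstintf "Z-SERVERS"
        set srcaddr "NET-VLAN20-FINANCE"
        set dstaddr "HOST-SRV-ERP01"
        set action accept
        set schedule "always"
        set service "SVC-ERP-8443"
        set logtraffic all
    next
end
```

Anything not matched by these policies falls through to the implicit deny at the bottom of the list. The prefix convention (Z-, NET-, HOST-, GRP-, SVC-) and the policy name pattern SOURCE-to-DEST-SERVICE are only a suggestion, but a consistent scheme is what keeps a 100-plus rule set readable: a rule whose name does not describe its source, destination and service is the first candidate for review.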
Copyright 2024 Fortinet, Inc. All Rights Reserved.