Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rajaram
New Contributor

Created on ‎10-30-2024 12:09 AM

Fortigate FW Configuration tips

 

Fortigate .jpg

 

We have four firewalls in our network. Two are core firewalls in HA, and another two are production firewalls in HA. As of now, the prodcution firewall acts like a hub. The core firewall is the DHCP IP release interface to the prdoction firewal. 

 

what im asking how can i use the production firewall to secure the network from external network? cctv or office network.

please share you configurate details on the both the firewall

 
Regard
Raja
RegardRaja
Labels:
190
0 Kudos
2 REPLIES 2
adambomb1219
SuperUser
SuperUser

Created on ‎10-30-2024 04:18 AM

What is a "production firewall"?  What is "DHCP IP release interface"?  What exactly are you asking?  What "cctv or office network"?  Share what configuration details exactly? 

 

Are you wanting to collapse these firewalls into a single pair?  Sure that would probably work.  You could also use VDOMs if needed.

167
ezhupa
Staff
Staff

Created on ‎10-30-2024 04:40 AM

The "Prod FW" you mention is the internal FW according to the schematic. So if you want to protect/secure your network from external threats, that configuration would make more sense to be made on the "Core FW" which are external FWs and are exposed to internet access. 
By adding security to the Prod-FW you would assume that the security on the Core-FW has already failed and your network has been breached -> and in that case Prod-FW security profiles would only protect whatever is behind this HA Cluster. (not the core switch and the server connected to it)

That being said, what exactly are you trying to secure from? 
The FW by default will block any not-allowed traffic by a policy so as long as you filter and configure only correct FW policies overall the device itself should be secure. 
If you have extra specifications then that would be another discussion. 
General security hardening tips can be found on the below link:
https://docs.fortinet.com/document/fortigate/7.6.0/best-practices/555436/hardening

161
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.