Hello everybody,
I would like to get some info's how you are dealing with Firewall Policies.
In our infrastructure we have multiple VLANs (clients, printers, servers, voip, etc), and from vlan to vlan I created separate firewall policies.
Example would be:
Sequience grouping: VLAN_CLIENTS to VLAN_SERVERS
1. Clients_To_FileServers - then I restricted from which VLAN to which VLAN, source and destination also, and we also restrict only the needed services.
It's the same principle for every other traffic that is needed.
Now when I look at the Firewall Policies, for somebody else it can be difficult to manage it way trough policies.
How I can make it less complicated but still as secure as it can be.
Example of our policies:
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Infotech! From the looks of this screenshot, your policies do not look complicated at all. What I would just make sure of is that each of your policies is being used and there are no redundant policies. When it comes to handling routing on the FortiGate, I have been guilty of accidentally creating redundant policies for specific hosts to access specific services. Other than that, your naming convention for everything here looks solid and I'm sure anyone with any firewall experience could navigate this just fine!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1545 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.