Fortigate - Some security questions

damianhlozano · ‎01-03-2025

Hello team!!!

Happy new year to everyone using gregorian calendar!!

I have the following 3 questions about Fortigate:

1) To block phishing I am using web filter, is there another Fortigate feature to add, to help blocking phishing attempts?

2) Is there any place in the Fortigate where I can see security alerts for applications installed on computers? I dont think so, but I'm asking just in case

3) You know another feature to block suspicious network activities in addition to DOS rules and IPS profiles?

This is for all the traffic comming through the Fortigate, not for traffic between 2 computers in the same LAN, of course.

Thanks in advance.

Regards,

Damián

Damián Lozano

AEK · ‎01-04-2025

Hi Damian

You can create a policy to deny traffic going to ISDB "IP Reputation Database"
FortiGate can't know what is installed on your computer, but can guess (by traffic signature) which application is sending the traffic from the comuter. You can use application control profile for that, as suggested by Jerry above
DoS, IPS, Web filter, DNS filter, certificate inspection, email filter, AV, ..., all of these can be used to block suspicious traffic

You are right, FGT can't see traffic inside the same VLAN, unless you use micro-segmentation, like the one provided by FortiSwitch when managed by FortiGate.

AEK

View solution in original post

dingjerry_FTNT · ‎01-03-2025

Hi @damianhlozano ,

1) Yes.

2) Not Sure what security alerts you are talking about. The certificate warning message?

3) Application Control

Regards,

Jerry

damianhlozano · ‎01-04-2025

Hello, thanks for your response!

No, I was no talking about certificate warning message

Damián Lozano

AEK · ‎01-04-2025

Hi Damian

You can create a policy to deny traffic going to ISDB "IP Reputation Database"
FortiGate can't know what is installed on your computer, but can guess (by traffic signature) which application is sending the traffic from the comuter. You can use application control profile for that, as suggested by Jerry above
DoS, IPS, Web filter, DNS filter, certificate inspection, email filter, AV, ..., all of these can be used to block suspicious traffic

You are right, FGT can't see traffic inside the same VLAN, unless you use micro-segmentation, like the one provided by FortiSwitch when managed by FortiGate.

AEK

damianhlozano · ‎01-04-2025

Thank you AEK!!

I didnt know about ISDB "IP Reputation Database", I will search for this, this seems very useful

All your response is useful!

Damián Lozano

kaman · ‎01-04-2025

Hi damianhlozano,

To enhance phishing prevention in Fortigate, in addition to using the Web Filter feature, you can also utilize the Antiphishing feature. The Antiphishing feature scans user names and passwords in submission traffic against sensitive corporate network credentials stored in the corporate domain controller.

By configuring antiphishing rules in proxy mode web filter profiles, Fortigate can block URLs or alert users when phishing attempts are detected. This feature provides an additional layer of protection against phishing attacks by specifically targeting credential phishing attempts.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-AI-driven-credential-phishing-prevention/t...

Regards,
Aman

damianhlozano · ‎01-04-2025

Thank you Kaman!!!

I will read about this

Damián Lozano

Fortigate - Some security questions

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website