Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
flodnar31
New Contributor

Fortigate Vulnerability Assessment

Hi guys   Can you recommend best and tested Vulnerability Assesment and Security Audit tool for Fortigate Firewalls??!! Both Open source and Licensed.   Need to assest our network which has new deployed Fortigate firewalls. Can you help me out guys!! :)   Thanks!!..
4 REPLIES 4
flodnar31
New Contributor

I have Nipper here but it seems like it is only for cisco.    Can you guys recommend any tools both open source and Licensed.   Thank you.
emnoc
Esteemed Contributor III

nessus or qualys or saint   Any thing that current, uptodate and has support is A+ imho

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
flodnar31

Thanks Emnoc for the suggestions..have any idea for an open source VA and security audit tools also?

 

The IT head also ask if we could have configuration security audit like what "Nipper" does. Which I think the Free version is only working for cisco, or Any Device Hardening Document for Fortinet we could check

 

Thanks guys!..

emnoc
Esteemed Contributor III

None that I know of and nipper is not  avulnerability tool imho. As far as BCP use the  fortunate latest BCP on proper or recommended practices.

 

allowacces ( no telnet, or http UNLESS you have to and you never should  have a need for this  )

 

snmp access restrict

 

audit any fwpolicies with "any"  in it 

 

fwpolicy ordering ( seq )

 

strike  all weak ciphers from any VPN-ipse ( des or 3des no-no, use  SHA1 or better over md5, dhgrp 14 or better but no less than 5,etc.....)

 

disable weak SSL protocol ( management interfaces, sslvpn portal )

 

dropped all factory_fortinet certificate for internet facing 

 

audit  access profile for local users better yet deploy a remote-auth solution ( ldap free radius tacacs are all free and open source )

 

enable logging off appliance

 

following rel-notes and upgrade as required 

 

etc...

 

Ken

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors