Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
flodnar31
New Contributor

Created on ‎09-20-2016 02:00 AM

Fortigate Vulnerability Assessment

Hi guys   Can you recommend best and tested Vulnerability Assesment and Security Audit tool for Fortigate Firewalls??!! Both Open source and Licensed.   Need to assest our network which has new deployed Fortigate firewalls. Can you help me out guys!! :)   Thanks!!..
6580
0 Kudos
4 REPLIES 4
flodnar31
New Contributor

Created on ‎09-20-2016 07:34 PM

I have Nipper here but it seems like it is only for cisco.    Can you guys recommend any tools both open source and Licensed.   Thank you.
2200
0 Kudos
emnoc
Esteemed Contributor III
In response to flodnar31

Created on ‎09-20-2016 09:12 PM

nessus or qualys or saint   Any thing that current, uptodate and has support is A+ imho

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2200
0 Kudos
flodnar31
New Contributor
In response to emnoc

Created on ‎09-21-2016 02:41 AM

Thanks Emnoc for the suggestions..have any idea for an open source VA and security audit tools also?

 

The IT head also ask if we could have configuration security audit like what "Nipper" does. Which I think the Free version is only working for cisco, or Any Device Hardening Document for Fortinet we could check

 

Thanks guys!..

2200
0 Kudos
emnoc
Esteemed Contributor III
In response to flodnar31

Created on ‎09-21-2016 09:43 AM

None that I know of and nipper is not  avulnerability tool imho. As far as BCP use the  fortunate latest BCP on proper or recommended practices.

 

allowacces ( no telnet, or http UNLESS you have to and you never should  have a need for this  )

 

snmp access restrict

 

audit any fwpolicies with "any"  in it 

 

fwpolicy ordering ( seq )

 

strike  all weak ciphers from any VPN-ipse ( des or 3des no-no, use  SHA1 or better over md5, dhgrp 14 or better but no less than 5,etc.....)

 

disable weak SSL protocol ( management interfaces, sslvpn portal )

 

dropped all factory_fortinet certificate for internet facing 

 

audit  access profile for local users better yet deploy a remote-auth solution ( ldap free radius tacacs are all free and open source )

 

enable logging off appliance

 

following rel-notes and upgrade as required 

 

etc...

 

Ken

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2200
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.