i am not new to the Fortigate line of routers but have questions regarding IPS and how/when to implement it.
if i am configuring a new fortigate router for a client that has a small office network /w domain server (IE: 10pc / 1DC) how should IPS be implemented...if need be? port forwards that would be set up for the server would be port 80 and port 443 and nothing for the desktop clients except maybe RDP access.
#1 would it be needed?
#2 would i just apply the default IPS filter on the WAN to LAN policy for the port forward?
any info would be greatly appreciated.
Thanks,
Gary.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Just a little tip for you all... enable IPS on the outgoing policies (the browsing ones i.e.) and try the vulnerabilities tests on wicar.org then let me know
In the ransomware era, the idea of apply IPS on the "from internet to internal (via VIP)" appears to be really really old.
Just a little tip for you all... enable IPS on the outgoing policies (the browsing ones i.e.) and try the vulnerabilities tests on wicar.org then let me know
In the ransomware era, the idea of apply IPS on the "from internet to internal (via VIP)" appears to be really really old.
Hello,
What Fortigate model will be used in this setup?
The smaller desktop models doesn't have a content processor, so the throughput will be kind of low if you apply IPS on any model below 100D.
That however, is a fair price to pay usually.
I would say that you should always apply ips/av on incoming traffic from internet if possible, but create custom profiles with narrowed down scope of signatures - If you have a webserver running linux and apache, create an ips profile that is sorting out everything else BUT linux server and apache webserver.
Try to not use the default filter at all, since it has to check the traffic against everything. Narrowing down what is checked is a good practice when your resources isn't unlimited...
If you don't have any incoming traffic from internet - Create a custom profile that protects your AD-server maybe?
You still need to have the servers and the users on different networks for it to work. Users and servers on the same network segment is not a good practice since they will be able to reach each other without going through the firewall at all.
It is possible to use proxy-arp in the firewall etc, but simplest and safest solution is to keep users and servers on different vlans and networks.
The same goes for outgoing traffic to internet. Create an ips policy for windows clients and apply it to the outgoing traffic. Check your cpu and ram usage. If it peaks/flatlines, you need to cut back on something. But as I said in the beginning, it all depends on your Fortigate model.
On my lab 51E, traffic speed drops to around 60Mbit/s with av/ips on. Depending on your ISP speed, that might be ok or not for you. The 600D on one of my clients can push over 4Gbit/s with ips on, and they have 100Mbit internet... So, they apply ips/av to just about everything.
Richie
NSE7
I agree with kallbrandt and I'd like to add that the you'll have the best performance from the 300D that with its NP6 is able to fully offload IPS traffic (for this reason the IPS Enterprise Mix throughput of a 200D is 350 Mbps and in a 300D is 2 Gbps).
this particular set up would be using a 30D
How many users? And internet throughput?
Alby23 wrote:Thanx for Wicar tip. First i thought it was a typo :)Just a little tip for you all... enable IPS on the outgoing policies (the browsing ones i.e.) and try the vulnerabilities tests on wicar.org then let me know
In the ransomware era, the idea of apply IPS on the "from internet to internal (via VIP)" appears to be really really old.
You could try but please monitor the RAM Usage in order to avoid Conserve Mode.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.