Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
IronMan
New Contributor III

New FortiGate Setup - Creating Firewall Policies

I have a FortiGate 101F that I just set up and I created a few policies like in the image below.

Everything is working, but can someone check if I've done it right?

 

Internal LAN is our network switch/access point; Maxis-Internet is our internet line.

 

Have I done the security profiles correctly?

We're not subscribed to AntiVirus, so that's why it's not in the Internet policy, but somehow there's a basic one for Internal.

Screenshot 2025-01-15 151201.png

5 REPLIES
AEK
SuperUser

You may add application control profile to deny unwanted applications.

AEK
IronMan
New Contributor III

I'll do that too.

But the firewall configuration part is done right? As in my current setup will prevent attacks to the network?

AEK

With this initial config you have covered a large part of the attack surface.

Other extra tuning may be done (like deep inspection) to block more attacks.

AEK
sw2090
SuperUser

Your second policy will never be hit because traffic from port2 to port2 is within one subnet and will not hit the firewall.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

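The point in sw2090's reply can be checked mechanically. The following is an added example, not part of the thread: it flags policies whose source and destination both sit inside the subnet connected to one interface, since those hosts reach each other through the switch and the frames never arrive at the firewall. `port2` and `Maxis-Internet` are the names used in the thread; the subnets, policy IDs and address ranges are constructed, because the screenshot is not available.

```python
import ipaddress

# Constructed sample data (assumption): subnet directly connected to port2.
CONNECTED = {"port2": ipaddress.ip_network("192.168.1.0/24")}

# Constructed policies (assumption): IDs and address ranges are illustrative.
SAMPLE_POLICIES = [
    {"id": 1, "srcintf": "port2", "dstintf": "Maxis-Internet",
     "srcaddr": "192.168.1.0/24", "dstaddr": "0.0.0.0/0"},
    {"id": 2, "srcintf": "port2", "dstintf": "port2",
     "srcaddr": "192.168.1.0/24", "dstaddr": "192.168.1.0/24"},
    # Destination is a different subnet reached through port2, so the
    # sending host forwards the packet to its gateway instead of ARPing.
    {"id": 3, "srcintf": "port2", "dstintf": "port2",
     "srcaddr": "192.168.1.0/24", "dstaddr": "10.20.0.0/16"},
]


def on_link(addr, connected_net):
    """True if addr (host or subnet) lies wholly inside the connected subnet."""
    return ipaddress.ip_network(addr, strict=False).subnet_of(connected_net)


def audit(policies, connected):
    """Map each policy id to 'bypasses-firewall' or 'reaches-firewall'."""
    verdicts = {}
    for p in policies:
        net = connected.get(p["srcintf"])
        same_intf = p["srcintf"] == p["dstintf"]
        if (same_intf and net is not None
                and on_link(p["srcaddr"], net)
                and on_link(p["dstaddr"], net)):
            # Both ends are on the same L2 segment: hosts resolve each other
            # with ARP and the switch delivers the frames directly.
            verdicts[p["id"]] = "bypasses-firewall"
        else:
            # Destination is off-link for the sender, so the packet is sent
            # to the default gateway and the firewall gets to see it.
            verdicts[p["id"]] = "reaches-firewall"
    return verdicts


if __name__ == "__main__":
    for pid, verdict in audit(SAMPLE_POLICIES, CONNECTED).items():
        print(f"policy {pid}: {verdict}")
```

A policy marked `bypasses-firewall` applies no security profile to that traffic, so inspection between hosts on the same subnet needs segmentation (separate VLANs or interfaces) rather than another policy.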
vbandha
Staff

Hello @IronMan 

You can also set up an IPv4 DOS policy to protect against DOS attacks to your network:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-IPv4-DOS-policy/ta-p/1896...

 

Regards,

Varun
