Hi security admins
Usually when I integrate FML or FWB, I don't use IPS profile (or any other security profile) in the FGT firewall rule that forwards SMTP traffic to FML and HTTPS traffic to FWB.
In my understanding, using security profiles at FGT level is probably useless since it will add more unnecessary load to my FGT, while FML & FWB should do the job much better than FGT.
I'm I right?
Does IPS profile (with deep inspection) at FGT level actually adds any additional layer of security that FML & FWB doesn't have?
What does Fortinet, other constructors and other security experts recommend here?
Hi AEK,
When integrating FortiMail (FML) or FortiWeb (FWB) with your FortiGate (FGT) firewall, it is common practice not to use the IPS profile or any other security profiles in the FGT firewall rule that forwards SMTP traffic to FML and HTTPS traffic to FWB. This is because FML and FWB are specialized devices designed to handle email and web traffic security more efficiently.
Using security profiles at the FGT level can indeed add unnecessary load to your FGT, as FML and FWB are optimized for handling specific types of traffic.
However, the IPS profile with deep inspection at the FGT level does provide an additional layer of security that FML and FWB may not have. The IPS profile can detect and prevent network threats that may not be covered by the security features of FML and FWB.
As usual, the IPS engine handles flow-based inspection process. The WAD process handles the proxy one.
This means using multiple layers of security controls to protect your network. While FML and FWB are specialized for email and web security, adding the IPS profile at the FGT level can enhance overall security posture by providing additional threat detection and prevention capabilities.
In summary, while it is common not to use security profiles at the FGT level when forwarding traffic to specialized security devices like FML and FWB, adding the IPS profile can provide an extra layer of security and is recommended for a comprehensive security strategy.
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/122078/deep-inspection
Regards,
Aman
Hello AEK,
I agree that introducing additional security profiles for traffic forwarded to FML and FWB could affect performance, as these devices are designed to handle the inspection.
Whether to implement this dual inspection depends on the organization's preferences and policies. For environments with low network traffic and high performance firewalls, adding an IPS profile can be an effective combination, but that's just my opinion.
Best regards,
Thanks to both. It's more clear now.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.