Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
damianhlozano
Contributor

Web filter profiles synchronization

Hello team!!!

 

I am thinking on acquire Fortigate routers for many sites.

The requirement is the following, I need to keep the same web filter and application control settings in all sites, even for "web rating overrides" (I dont want to synchronize every settings like interface addressess, etc, just web filter and application control related settings)

Is there a way to accomplish this with security fabric or whatever?

 

Thanks in advance.

Regards,

Damián

Damián Lozano
Damián Lozano
1 Solution
Debbie_FTNT

Hey Damián,

 

you can synchronise webfilter overrides (and a lot of other configuration) with FortiManager - you could essentially do a default configuration with policies, security profiles like webfilter etc, and push that out to all FortiGates, so all of them would have essentially the same configuration (with some localization for the different IP subnets the FortiGates would be in, etc)

You can do some object sharing with Security Fabric setup; the root FortiGate in the Fabric would share its objects like addresses and security profiles with all downstream FortiGates, which could in turn use those objects as well (but each FortiGate would require manual configuration of policies etc; the objects would just already exist to be used in policies).

FortiPortal (or FortiPrivateCloud) is a larger-scale solution typically used in MSSP setups; it functions as a tie-in to FortiAnalyzer and FortiManager and provides individual logins/portals to an MSSP's customers so they have access to their own configuration/devices on their premises, and the MSSP has a complete overview of all FGTs/FMG/FAZ in their possession.

It could technically achieve the same, simply because it utilizes FortiManager itself, but unless you're an MSSP managing a lot of FortiGates and looking to provide access for all your customers to the FortiGates on their site (while retaining control/visibility of what the customers are doing) FortiPortal is probably not a solution for you.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

View solution in original post

5 REPLIES 5
funkylicious
SuperUser
SuperUser

Hi,

First of all, FortiGate's are not routers, but you could use one as such.

You could achieve sync with FortiManager or FortiPortal(?)  

"jack of all trades, master of none"
"jack of all trades, master of none"
damianhlozano

Sorry, I know Fortigate is a NGFW, not a router.  I usually tell router to any device connected to Internet, my fault.

The second one is a question?

Is it possible to synchronize web filter and app control profiles with FortiManager or FortiPortal?  I dont know.

 

Thanks

Regards,

Damián

 

Damián Lozano
Damián Lozano
funkylicious

I am unsure if FortiPortal is the cloudbased version of FortiManager or not, hence the (?) for it.

"jack of all trades, master of none"
"jack of all trades, master of none"
Debbie_FTNT

Hey Damián,

 

you can synchronise webfilter overrides (and a lot of other configuration) with FortiManager - you could essentially do a default configuration with policies, security profiles like webfilter etc, and push that out to all FortiGates, so all of them would have essentially the same configuration (with some localization for the different IP subnets the FortiGates would be in, etc)

You can do some object sharing with Security Fabric setup; the root FortiGate in the Fabric would share its objects like addresses and security profiles with all downstream FortiGates, which could in turn use those objects as well (but each FortiGate would require manual configuration of policies etc; the objects would just already exist to be used in policies).

FortiPortal (or FortiPrivateCloud) is a larger-scale solution typically used in MSSP setups; it functions as a tie-in to FortiAnalyzer and FortiManager and provides individual logins/portals to an MSSP's customers so they have access to their own configuration/devices on their premises, and the MSSP has a complete overview of all FGTs/FMG/FAZ in their possession.

It could technically achieve the same, simply because it utilizes FortiManager itself, but unless you're an MSSP managing a lot of FortiGates and looking to provide access for all your customers to the FortiGates on their site (while retaining control/visibility of what the customers are doing) FortiPortal is probably not a solution for you.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
damianhlozano

Perfect explanation!!!

Thanks a lot!

 

Regards,

Damián

Damián Lozano
Damián Lozano
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors