
penetration testing + fortigate

Hello everybody: I'm a student in the third year of a bachelor's degree called Professional Engineering Degree in Security, Network, System.


I have a task to do with 2 classmates related to FortiGate and pen testing, which we didn't study, but later in June we will study the subject of pen testing.



My question is, how can I make an architecture (PCs, routers, switches, firewalls, etc.) related to each other, then after an in-depth analysis of the architecture + pen testing, use FortiGate to secure the platform (firewalls, VPN, antivirus) and also give the pros and cons that allow me to use FortiGate rather than other firewalls? Can somebody give me details to make such a good project, and also give me good advice on mixing pen testing and FortiGate?


N.B.: Subjects that I studied previously in this third year: CCNP (Routing, Switching), Administration of Windows Server, Red Hat (terminal commands, securing the platform, administration), Microsoft SQL Server, VMware virtualization and cloud computing, CompTIA Security+, ITIL, ISO 27001, ISO 27002. Subjects that I will study very soon: CCNP Security, Ethical hacking and cybersecurity, project management.


Kind regards


If I were your prof., I would have specifically instructed my students not to seek any help from professional communities like this forum (I would call it "cheating" ;), but to look for information (documentation, articles, etc.) available on the internet, then build up your own knowledge of how to build a secure network. I don't think your prof. is expecting much before entering the pen test subject in depth.

I would suggest just searching, like firewall concept, public network (aka the Internet) vs. private network, outside (untrusted) network vs. inside (trusted) network, and so on.

Since you've learned switching already, you know how to use a switch with all other devices like PCs. Then in your case the FW (FortiGate) would be the routing (Layer 3) device in the routing & switching scheme.

Then the rest of your network architecture should come out naturally, unless your physical Internet connection is special and does not come in a form of Ethernet. There are countless examples of how to set them up available on the internet as well.

For pros & cons of FGT or other FWs, it's quite a difficult subject even for those who have worked in security networks with FW appliances for years. Even if known, most in this community wouldn't talk about it, otherwise it would be "politically incorrect". Just try your best searching on the internet. You might end up finding some in this forum's archive though.


Good luck.





Not sure what you're asking, but pentesting the FortiGate vs. the application or host is not the same thing.


As far as architecture, yes, a firewall (FGT or any other) secures the hosts behind it. So are you asking for a topology and what the FortiGate does that's different from vendor XYZ model?


Also, have you looked at FortiGuard pentest papers or services? You might get some answers from them, & if you can find the material. Your best bet would be to speak to an SE from a local partner for details, or an MSSP that specializes in this area and with FortiGates and pentests. Other ideas would be to run Metasploit and see and witness what happens and what logs are generated when full IPS and SSL decryption is enabled.


Alternatively, you can try to get the Forcepoint Evader and run that through, or find the numerous posts or YouTube videos of it vs. PANW vs. FTNT, etc. They run these tests supposedly using the latest IPS updates and are supposed to be unbiased and use tricks to evade detection by the firewalls.


Ken Felix




PCNSE NSE StrongSwan
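The reply above suggests watching which logs the FortiGate generates while IPS is enabled. The script below is an added example, not code from the thread or from Fortinet: it parses FortiGate-style key=value syslog lines, keeps only UTM IPS records, and reports per signature how often the action was "dropped" versus only "detected", which is how a lab team can tell whether a sensor is still in monitor mode. The log lines are constructed samples (field names follow the FortiOS key=value log layout; all values, device names and signature names are invented).

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value syslog style (not real device
# output): field names follow the FortiOS log layout, every value is made up.
SAMPLE_LOGS = """\
date=2024-03-01 time=10:15:01 devname="lab-fgt" type="utm" subtype="ips" eventtype="signature" level="alert" severity="critical" srcip=10.10.1.5 dstip=10.10.2.20 service="HTTP" action="dropped" attack="Lab.Test.Signature.A" msg="Lab test event"
date=2024-03-01 time=10:15:07 devname="lab-fgt" type="utm" subtype="ips" eventtype="signature" level="alert" severity="high" srcip=10.10.1.5 dstip=10.10.2.20 service="HTTP" action="detected" attack="Lab.Test.Signature.B" msg="Lab test event"
date=2024-03-01 time=10:15:09 devname="lab-fgt" type="traffic" subtype="forward" level="notice" srcip=10.10.1.5 dstip=10.10.2.20 action="accept"
date=2024-03-01 time=10:15:12 devname="lab-fgt" type="utm" subtype="ips" eventtype="signature" level="alert" severity="critical" srcip=10.10.1.5 dstip=10.10.2.20 service="HTTPS" action="dropped" attack="Lab.Test.Signature.A"
"""

# key=value pairs; values are either a double-quoted string (may contain spaces)
# or a bare token without whitespace
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Split one FortiGate key=value log line into a dict, stripping quotes."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def summarize_ips(text):
    """Per-signature Counter of IPS actions, plus the set of source IPs seen."""
    summary = {}
    sources = set()
    for raw in text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec.get("type") != "utm" or rec.get("subtype") != "ips":
            continue  # traffic and event logs carry no IPS verdict
        sig = rec.get("attack", "<unknown>")
        summary.setdefault(sig, Counter())[rec.get("action", "<none>")] += 1
        sources.add(rec.get("srcip"))
    return summary, sources


def detect_only_signatures(summary):
    """Signatures that fired but were never blocked: the sensor only monitors them."""
    return sorted(sig for sig, c in summary.items() if c["dropped"] == 0 and c["detected"] > 0)


if __name__ == "__main__":
    summary, sources = summarize_ips(SAMPLE_LOGS)
    for sig, counts in summary.items():
        print(sig, dict(counts))
    print("detect-only signatures:", detect_only_signatures(summary))
```

Feed it the syslog export from the lab FortiGate instead of SAMPLE_LOGS to compare what the test tooling sent against what the IPS sensor actually blocked.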
