Playing around with doing some prep work on security profiles I will be
implementing once I micro-segment my datacenter traffic some. It's
pretty straight forward based on the IPS filtering options, to create a
sensor to protect a DHCP or DNS server ...
My setup is that of your traditional legacy WAN hub (data center) and
spoke (branch sites). Currently, my only Internet access is at my data
center. Even though they are on private WAN connections, the branch
locations' connection to the WAN is via F...
I know enough about FortiAuthenticator to be dangerous, so forgive me if
I come across ignorant on the product. I currently have mine setup where
I have a SAML connection to Azure where I can pull user and group
information; however, the only login e...
I am tweaking my DoS policies and have two inquiries for further
clarification purposes. I understand that my destination address in the
policy needs to be the public facing IP address for the servers/services
I am wanting to protect. 1. Is the firew...
I am following
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-iCloud-Private-Relay-from-bypassing/ta-p/228629
to block iCloud private relay from bypassing the security inspection. My
question come into the DNS filter portion o...
80F looks to be a very solid fit giving you some room to grow into (SSL
inspection throughput shows 715Mbps...so even if all 5 ISPs were
delivering you 100Mb and you were utilizing all at the same time, that's
only 500Mb max). I would be cognizant th...
I'm going to let @gfleming answer this one as with those branch level
models, I don't know if the ports defined as WAN ports and Internal
ports are just marketing verbiage (i.e.. I could use the port for
whatever I want even though it says "internal"...
"Today they have about 5 internet links of 100 and 50 mbps each"... I
guess I am still a little confused then. So just to confirm, you have 5
different ISPs and they are delivering you either 50Mb or 100Mb service
each to this 1 firewall? And you hav...
I understand. I implement mine as core installations so the attack
surface is much smaller compared to that of a GUI install. Would the
next step then be to treat it like tuning internal DoS policies...see
how it operates in a monitoring situation un...
