“Establishment of Secure Network Using FortiGate Firewall”
Class:08
Trainer:
Md. Ziaur Rahman
BSc Eng. In EEE, MSc in Computer Science. CISM,CCNP-Security, JNCIP(R&S,SEC,DC), PCNSE, Fortinet(NSE-4,5&7) & Sophos Architect. Fortigate HA: Whether your FortiGate is used as a security gateway, an internal segmentation firewall, in the cloud, or in an MSSP environment, as long as there is critical traffic passing through it, there is risk of it being a single point of failure.
Physical outages can occur due to power failures, physical link failures, transceiver failures, or power supply failures. Non-physical outages can be caused by routing, resource issues, or kernel panic.
Network outages cause disruptions to business operations, downtime, and frustration for users and in some situations may have financial setbacks. In designing your network and architecture, it is important to weigh the risks and consequences associated with unexpected outages.
FortiGate HA offers several solutions for adding redundancy in the case where a failure occurs on the FortiGate.These solutions support fast failover to avoid lengthy network outages and disruptions to your traffic.
HA Network Topology Cluster Configuration: To set up an HA A-P cluster using the GUI: Make all the necessary connections as shown in the topology diagram. Log into one of the FortiGates. Go to System > HA
. SDWAN Configuration: Creating the SD-WAN interface In this example, two ISP internet connections (wan1 and wan2) use SD-WAN to balance traffic between them at 50% each.
To configure SD-WAN using the GUI: .
1.On the FortiGate, enable SD-WAN and add interfaces wan1 and wan2 as members: 1. Go to Network > SD-WAN. 2. Set the Status to Enable. 3. Click the plus icon to add members, using the ISPs' proper gateways for each member. 4. If IPv6 visibility is enabled in the GUI, an IPv6 gateway can also be added for each member. See Feature visibility for details. 5. Click Apply to save your settings. SDWAN Configuration: Create a static route with virtual-wan-link enabled: Go to Network > Static Routes. Click Create New. The New Static Route page opens. From the Interface drop-down list, select SD-WAN. Click OK to save your changes. Create a firewall policy to allow the traffic: Go to Policy & Objects > IPv4 Policy. Click Create New. The New Policy page opens. For the Incoming Interface, select DMZ. For the Outgoing Interface, select SD-WAN. Configure the remaining settings as needed, then click OK to create the policy. Outgoing traffic will balance between wan1 and wan2 at a 50:50 ratio
