Download Using port pairing to simplify transparent mode

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
Document related concepts

Computer security wikipedia , lookup

Proxy server wikipedia , lookup

Cross-site scripting wikipedia , lookup

Security-focused operating system wikipedia , lookup

Mobile security wikipedia , lookup

Wireless security wikipedia , lookup

Network tap wikipedia , lookup

Deep packet inspection wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Unix security wikipedia , lookup

HTTPS wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Distributed firewall wikipedia , lookup

Transcript 
Using port pairing to simplify transparent mode
When you create a port pair, all traffic accepted by one of the paired ports can
only exit out the other port. Restricting traffic in this way simplifies your FortiGate
configuration because security policies between these interfaces are preconfigured.
1. Switching the FortiGate unit to transparent mode and adding a static
route
2. Creating an internal and wan1 port pair
3. Creating firewall addresses
4. Creating security policies
5. Results
Protected web server
192.168.1.200
Internet
Router
WAN 1
FortiGate
Internal
Management IP
192.168.1.100
Internal Network
192.168.1.[110-150]
Switching the FortiGate unit
to transparent mode and
adding a static route
Go to System > Dashboard > Status.
In the System Information widget,
select Change. Set Operation mode to
Transparent.
Log into the FortiGate unit using the
management IP (in the example,
192.168.1.100).
Go to System > Network > Routing Table
and set a static route.
Creating an internal and
wan1 port pair
Go to System > Network > Interfaces.
Create an internal/wan1 pair so that all traffic
accepted by the internal interface can only
exit out of the wan1 interface.
Creating firewall addresses
Go to Firewall Objects > Address >
Addresses.
Create an address for the web server using
the web server’s Subnet IP.
Create a second address, with an IP range
for internal users.
Creating security policies
Go to Policy > Policy > Policy.
Create a security policy that allows internal
users to access the web server using HTTP
and HTTPS.
Create a second security policy that allows
connections from the web server to the
internal users’ network and to the Internet
using any service.
Results
Connect to the web server from the internal
network and surf the Internet from the server
itself.
Go to Log & Report > Traffic Log >
Forward Traffic to verify that there is traffic
from the internal to wan1 interface.
Select an entry for details.
Go to Policy > Monitor > Policy Monitor
to view the active sessions.
Related documents
Using two ISPs for redundant Internet connections
Using two ISPs for redundant Internet connections
Nona*s Homemade * Marketing Project * C Block Marketing Class
Nona*s Homemade * Marketing Project * C Block Marketing Class
Microsoft Word - Firewall change request form1
Microsoft Word - Firewall change request form1
An Initiative Approach to Determine STATE RAILWAY OF THAILAND
An Initiative Approach to Determine STATE RAILWAY OF THAILAND
homework 8
homework 8
Chapter 1: Protocols and Layers
Chapter 1: Protocols and Layers
Firewall Configuration
Firewall Configuration
Project brief 2007 COUNTRY: EGYPT PROJECT NAME: DAMIETTA
Project brief 2007 COUNTRY: EGYPT PROJECT NAME: DAMIETTA
Port Forwarding on Verizon Router
Port Forwarding on Verizon Router
Triangular Trade Route Imports and Exports
Triangular Trade Route Imports and Exports
Real Time Network Protection for Educational Institutions
Real Time Network Protection for Educational Institutions
Logging and Reporting for FortiOS 5.0
Logging and Reporting for FortiOS 5.0
System Administration for FortiOS 5.2
System Administration for FortiOS 5.2
Install and System Administration for FortiOS 5.0
Install and System Administration for FortiOS 5.0
What`s New for FortiOS 5.6
What`s New for FortiOS 5.6
FortiGate System Administration Guide
FortiGate System Administration Guide
FortiGate Administration Guide
FortiGate Administration Guide