1-In some cases, ISPs apply MAC security on the port they allocate to the institutions they provide internet to. When the Firewall or Router is replaced, the new device facing the internet has a different MAC address, so the ISP port no longer accepts its traffic and the internet cannot be reached. Such a situation is very difficult to detect and identify as the cause. Suppose you have determined that this is the problem and you want to change the MAC address of the WAN interface of the Fortigate. You can do this with the commands below (replace the values in angle brackets with your WAN interface name and the MAC address the ISP expects):
config system interface
edit <wan-interface>
set macaddr <new-mac-address>
next
end
2-If you want to edit an IPv4 rule in the CLI, you can right-click on the rule and click “Edit in CLI”. A CLI console opens in a pop-up window, positioned at the section of the configuration that belongs to this rule.
3-If you want to trigger the updates of the IPS and AV databases manually, you can use the execute update-now command from the CLI.
4-To prevent layer 2 loops, enable L2 forwarding and STP forwarding under the interface (replace the value in angle brackets with the interface name):
config system interface
edit <interface-name>
set l2forward enable
set stpforward enable
next
end
5-If your external IP changes dynamically, choose 0.0.0.0 as the external IP for redirects with Virtual IPs.
6-You can set how many days the logs are kept on the disk via the CLI with the following commands:
config log disk setting
set status enable
set maximum-log-age 30
end
Logs older than 30 days are deleted.
7-In order to prevent attacks from the TOR network, you can block TOR based on its signature in the Application Control profile applied in the IPv4 Policy. Or, in a shorter way, you can write a static route that applies to all written rules: go to Network > Static Routes, create a new static route with the Add button, select “Internet Service” in the Destination section, select “Tor-Relay Node” in the submenu, select “None(Black Hole)” in the Device section and click OK.
8-If you trust a website and want to disable virus scanning for some reason while users access this website, go to Security Profiles > Web filter. Select the Web filter profile you want to apply this to from the upper right corner. Go to Static URL filter, activate URL filter, write the URL you trust here and set “Action” to Exempt. No virus scanning will be performed when navigating to exempted URLs.
Recommended Practices for Better Performance
1-Turn off Administrative Access that you do not need or use. For example, if you are not using SSH or SNMP, turn them off. Malicious people can abuse them. To turn off a management feature, go to the interface you want to set under Network > Interface. Under the Administrative Access heading, select which administrative accesses the people who send packets from that interface can and cannot use. Turn off management accesses such as HTTP and HTTPS (for web management interface connections) and SSH, which ordinary personnel do not need, on the VLANs where that personnel are located.
2-Log only the required traffic. Writing logs can reduce performance, especially when they are stored on the device's own hard disk.
3-Minimize alerting channels. For example, if you are sending logs to a Syslog server and your SIEM is capable of generating alerts from these logs, you can turn off SNMP and email alerts on the Fortigate.
4-Schedule FortiGuard (IPS and AV database) updates at a reasonable interval. If you don't have a very sensitive situation, an update every 4 or 5 hours will be enough. If your internet is very heavily used during the day, you can make the updates once in the evening.
5-Keep the security profiles used in an IPv4 rule to a minimum. For example, do not use security profiles such as Web filter or DNS filter in rules written for the internal network.
6-Keep the number of VDOMs as low as possible. Do not use VDOMs on small boxes if possible.
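The two settings above that are easiest to check in a configuration backup are the Administrative Access list per interface (item 1 here) and the disk log retention from the maximum-log-age command earlier on this page. The following Python audit script is an added example, not code from the original post or from Fortinet: it parses a constructed FortiOS backup excerpt (the interface names, services and the 30-day value are sample data) and reports user-facing interfaces that still expose HTTP, SSH, SNMP or Telnet, plus the configured log age.

```python
import re
# Constructed sample of a FortiOS configuration backup (not from any real device).
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set allowaccess ping https
    next
    edit "vlan10"
        set allowaccess ping https ssh http snmp
    next
end
config log disk setting
    set status enable
    set maximum-log-age 30
end
"""

# Management services the page says to turn off where ordinary staff can reach them.
RISKY_ACCESS = {"http", "ssh", "snmp", "telnet"}

def parse_interfaces(config):
    """Map interface name -> set of allowaccess services, from 'config system interface'."""
    interfaces, current, in_section = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "config system interface":
            in_section = True
        elif in_section and line == "end":
            in_section = False
        elif in_section and line.startswith("edit "):
            current = line[5:].strip('"')
            interfaces[current] = set()
        elif in_section and current and line.startswith("set allowaccess "):
            interfaces[current] = set(line.split()[2:])
        elif in_section and line == "next":
            current = None
    return interfaces

def log_age_days(config):
    """Return maximum-log-age in days from 'config log disk setting', or None if unset."""
    m = re.search(r"^\s*set maximum-log-age (\d+)\s*$", config, re.MULTILINE)
    return int(m.group(1)) if m else None

def audit(config, user_facing):
    """Findings: (interface, risky services) for user-facing interfaces that expose them."""
    return [(name, sorted(services & RISKY_ACCESS))
            for name, services in parse_interfaces(config).items()
            if name in user_facing and services & RISKY_ACCESS]
```

Run it against a real backup by passing the file contents and the set of interface names that ordinary staff can reach (here "vlan10"); an empty finding list means no listed management service is exposed there.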