简介

防火墙

 

 

防火墙

ICSA 认证的 FortiGate 防火墙可以在互联网这个充满敌意的环境中保护您的电脑 网络。ISCA 已对 FortiGate 防火墙 4.0 版本授予了证书,确保了 FortiGates 可以成功 保护企业网络不受来自公共或其它非信任网络的各种威胁。

在完成 FortiGate 的基本安装后,防火墙可设置为允许用户从受保护内部网络访问 Internet,并同时封锁从 Internet 到内部网的访问。您可对防火墙进行设置,使其对 从内部网到 Internet 的访问,和从 Internet 到内部往的访问加以控制。

您可以使用以下选项灵活地配置 FortiGate 安全策略 : ·控制所有进入和输出的网络流通,

·控制加密的 VPN 流通,

·应用防病毒保护和 WEB 内容过滤, ·阻塞或允许对全部策略选项的访问, ·根据单个策略进行控制, ·接受或拒绝出入单个地址的流通, ·单独或成组地控制标准的和用户定义的网络服务, ·要求用户在获取访问之 前进行用户认证,

·包含了流通控制用以设置每条策略的访问优先权和带宽保证或带宽限制, ·包含日志用以逐个追记某策略下的网络连接, ·包含网络地址转换/路由 (NAT/ 路由)模式策略,

·包含混合 NAT 和路由模式策略。

FortiGate 防火墙支持网络地址转换 / 路由模式或透明模式。

NAT/ 路由模式

在 NAT/ 路由模式下 , 您可创建 NAT 模式和路由模式策略。

·NAT 模式策略通过网络地址转换对较不安全区域中的用户隐藏较安全区域中的地址。 ·路由模式策略在不执行地址转换下接受或拒绝区域间的连接。

透明模式

透明模式提供了与 NAT 模式相同的基本防火墙保护。从 FortiGate 中接收到的数据 包根据防火墙策略可被智能地转发或阻塞掉。FortiGate 可插入到网络的任何一点而不 需要对此网络或其它相关组件做任何的改变。然而,VPN、VLAN、多区域功能及一些高 级防火墙功能只能在 NAT/ 路由模式下使用。

虚拟专用网 (VLAN)

FortiGate 防病毒防火墙支持服从 IEEE802.1Q 标准的虚拟局域网 (VLAN)标签。 用 VLAN 技术,FortiGate 可以多个安全域提供安全服务和连接控制,根据添加到 VLAN 数据包的 VLAN ID 来识别这些安全域。FortiGate 可以识别 VLAN ID 并对安全网络和每 个安全域间的 IPSec VPN 数据流应用安全策略。它还可以为 VLAN 标识的网络和 VPN 数 据流提供认证、内容过滤和防病毒保护功能。

FortiGate-500 安装和配置指南

3

Page 15
Image 15
Fortinet 500 manual 防火墙, 虚拟专用网 (Vlan), Nat/ 路由模式, 透明模式

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.