默认防火墙配置

防火墙配置

 

 

默认防火墙配置

防火墙策略控制接口之间的连接。默认情况下,您内部网络中的用户可以通过 FortiGate 设备连接到互联网。防火墙阻塞其他所有的连接。防火墙被配置为用一条默 认策略匹配从内部网络上收到的所有的连接请求。这条策略指示防火墙将这些连接转 发到互联网上。

图 4: 默认防火墙策略

接口

VLAN 子接口

区域

地址

·服务

·任务计划

·内容配置文件

接口

添加策略可以控制 FortiGate 接口之间的连接和到这些接口的网络之间的连接。默 认情况下您可以添加控制内部、外部和 DMZ 接口之间的连接的策略。

要添加包含接口 1 到 8 的策略,您须按如下步骤将这些接口添加到防火墙策略 网格:

1

如果它们处在关闭状态,先要启动接口。

 

请见

第 113

启动一个接口

2

为接口添加 IP 地址。

 

请见

第 113

修改一个接口的静态 IP 地址

3

为接口添加防火墙策略。

 

请见

第 152

添加地址

VLAN 子接口

您也可以将 FortiGate 设备的配置中添加 VLAN 子网络接口以控制 VLAN 之间的连

接。关于 VLAN 的详细信息请见

第 116 页 配置虚拟局域网 (VLAN).

要添加包含 VLAN 子网络接口的策略,您须按如下步骤将 VLAN 子网络接口添加 到防火墙策略网格:

1 将 VLAN 子网络接口添加到 FortiGate 配置中。

请见 第 117 页 添加 VLAN 子网络接口

2 在 VLAN 子网络接口中添加防火墙地址。 请见 第 152 页 添加地址

区域

您可以在 FortiGate 配置中添加区域以将相关的接口和 VLAN 子网络接口分组,以 简化创建的防火墙策略。关于区域的详细信息请见 第 111 页 配置区域.

144

美国飞塔有限公司

Page 156
Image 156
Fortinet 500 manual 默认防火墙配置, Vlan 子接口, 144

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.