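Services

Firewall configuration

Table 6: FortiGate predefined services (continued)

| Service name | Description | Protocol | Port |
|---|---|---|---|
| ESP | Encapsulating Security Payload. This service is used by auto-key (automatic key exchange) VPN tunnels and manual-key VPN tunnels to carry encrypted data. Auto-key VPN tunnels use ESP to carry data after establishing the connection with IKE. | | 50 |
| AOL | AOL instant messaging protocol. | tcp | 5190-5194 |
| BGP | Border Gateway Protocol routing protocol. BGP is an interior/exterior routing protocol. | tcp | 179 |
| DHCP-Relay | DHCP relay protocol. | udp | 67 |
| DNS | Domain name resolution service, used to look up the IP address that corresponds to a domain name. | tcp | 53 |
| | | udp | 53 |
| FINGER | Finger service. | tcp | 79 |
| FTP | FTP file transfer protocol. | tcp | 21 |
| GOPHER | Gopher communication service. | tcp | 70 |
| H323 | H.323 multimedia protocol. H.323 is a standard approved by the International Telecommunication Union (ITU) that defines how videoconferencing data is transmitted over networks. | tcp | 1720, 1503 |
| HTTP | HTTP is the protocol used to transfer web page data on the World Wide Web. | tcp | 80 |
| HTTPS | HTTP service over the Secure Sockets Layer (SSL), used for secure communication with web servers. | tcp | 443 |
| IKE | IKE is the protocol used to obtain authenticated keying material for use with ISAKMP for IPSEC. | udp | 500 |
| IMAP | Internet Message Access Protocol (IMAP) is a protocol used for retrieving email messages. | tcp | 143 |
| Internet-Locator-Service | Internet Locator Service includes LDAP, User Locator Service, and LDAP over TLS/SSL. | tcp | 389 |
| IRC | Internet Relay Chat allows people to connect to the Internet and join chat groups. | tcp | 6660-6669 |
| L2TP | L2TP is a PPP-based tunnel protocol for remote access. | tcp | 1701 |
| LDAP | Lightweight Directory Access Protocol is a set of protocols used to access information directories. | tcp | 389 |
| NetMeeting | NetMeeting allows users to teleconference using the Internet as the transmission medium. | tcp | 1720 |
| NFS | Network File System allows network users to access shared files stored on computers of different types. | tcp | 111, 2049 |
| NNTP | Network News Transport Protocol is a protocol used to post, distribute, and retrieve USENET messages. | tcp | 119 |
| NTP | Network Time Protocol is used to synchronize a computer's clock with a time server. | tcp | 123 |
| OSPF | Open Shortest Path First routing protocol. OSPF is a common link-state routing protocol. | | 89 |
| PC-Anywhere | PC-Anywhere is a remote control and file transfer protocol. | udp | 5632 |
| PING | Packet Internet Groper is a tool used to determine whether a specific host can be reached at its IP address. | icmp | 8 |
| POP3 | The POP3 mail protocol is used to download email from a POP3 server. | tcp | 110 |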

Fortinet Inc.

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.