This document provides an overview of the key features and capabilities of the FortiOS firewall, including policy management, network address translation (NAT), traffic support, hardware acceleration, identity-based policies, policy objects, and the policy table interface. Key capabilities include granular user and device-based policies, policy coloring and tagging, intelligent object searching, and hardware offloading for high performance packet processing.

1. © Copyright Fortinet Inc. All rights reserved.
Inside FortiOS Firewall
Versione 5.2.4 – Mar 2015
Lan & Wan Solutions – Soluzioni Informatiche per Reti Locali e Geografiche

2. 2
Overview Firewall
Policy Management
 Section & Global View
 IP, User & Device based Policies
 Policy Objects, Object tagging &
Coloring
 Traffic counters
NAT
 Static NAT, Dynamic NAT Support
 Central NAT Table
Traffic Support
 SCTP, GTP, ICMP
 Session helpers & ALGs
Hardware Acceleration*
 High performance across all packet size
 Ultra-low latency
 Innovative features that allows
accurate and effective policy
setup
Policy Table
*applicable to supported models

3. 3
Policy Table Firewall
Section View
Global View

4. 4
Policy Table Firewall
Configurable column
settings
Object Coloring
Policy counters
Smart object search
Drag-and-drop policy
rearrangement or
moving objects
Direct object/policy
edit with right click

5. 5
Identity based Policy
User Identity based
Security Policies
 Assign access policy
and profiles to each
User Groups or Users
Device Identity based
Security Policies
 Assign access policy
and profiles to each
Device Type or Device
Group
User Group #1
User #1
User #2
UTM Profile #1
UTM Profile #2
Service Port #1
Service Port #2
DST #1
DST #2
Firewall
SRC
#1
SRC
#1
Device Group #1
Device Type #1
Device Type #2
UTM Profile #1
UTM Profile #2
Service Port #1
Service Port #2
DST #1
DST #2
SRC #1
SRC #1

6. 6
Policy Management
Policy
 Control Traffic when they
transverse through the device
» Interfaces, zones (group of
interfaces), VLANs and SSIDs
segments
 Components
» Firewall configuration
» NAT settings, Traffic shaping
settings
» Security instructions, eg, scan
for viruses, detect attacks, etc
» Logging Options
Firewall

7. 7
Policy Management
Source Types
 Merged policies (IP, User & Device)
 “AND” Operations if more than one type of source is used
AND AND
Firewall

8. 8
User Group #1
User #1
User #2
UTM Profile #1
UTM Profile #2
Service Port #1
Service Port #2
DST #1
DST #2
IP #1
IP #1
-
Device Group #1
✔
✔
- -Service Port #2
DST #1
DST #2
IP #1 - ✗
User #1
User #2
-Service Port #2DST #3IP #3 Device Group #2 ✗
User #1
User #2
-Service Port #2DST #3IP #3 - ✔
Policies are matched top-down. The policy table may
consist of different policy types.
Policy Management Firewall

9. 9
Policy Objects
FortiGuard GeoIP DB
 Distributed as FortiGuard
Update, Requires Valid FortiCare
Contract
 Manual update required using
CLI Command
 GeoIP override is configurable
 Supports IPv6 addresses
Firewall

10. 10
Policy Objects
Intelligent Object Searching
 Initial implement on Firewall Address list
 Search by name, IP, wildcards, etc.
Firewall

11. 11
H/W Acceleration Firewall
Legacy Security Gateway
Appliances
FortiGate with FortiASIC
CPU offload
Initial session
setup
Instruction
download

12. 12
Contattaci Gratuitamente …
Certified experts in Fortimail and email
security
Certified experts in Fortiweb and web
application firewall protection
Certified experts in FortiAp, FortiWifi
and wireless security
CONTACTS
Tel. +39 049 8843198 DIGIT (5)
contacts@lanewan.it
www.lanewan.it
In questi anni di partnership con la casa madre,
Lan & Wan Solutions ha ottenuto tutte le
specializzazioni previste nei vari iter di certifica-
zione, raggiungendo la qualifica di Partner Of
Excellence.