Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

FortiGate Firewall HOW-TO - DMZ

26,975 views

Published on

In the following slides we will show you how to create a #DMZ using the #FortiGate
#Firewall. See next chapters on #FortiGate configuration. Stay with us!

Published in: Technology
  • To get professional research papers you must go for experts like ⇒ www.HelpWriting.net ⇐
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Ich kann eine Website empfehlen. Er hat mir wirklich geholfen. ⇒ www.WritersHilfe.com ⇐ Zufrieden und beeindruckt.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Did u try to use external powers for studying? Like HelpWriting.net ? They helped me a lot once.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Dating direct: ❶❶❶ http://bit.ly/2F90ZZC ❶❶❶
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Follow the link, new dating source: ❶❶❶ http://bit.ly/2F90ZZC ❶❶❶
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

FortiGate Firewall HOW-TO - DMZ

  1. 1. FORTIGATE FIREWALL HOW TO DMZ www.ipmax.it
  2. 2. INTRODUCTION Almost every network needs to expose some systems to the public Internet. These systems should be reachable from the outside and, in the meanwhile, be protected against external attacks. This kind of configuration is obtained through the use of DMZs, which allow the access to only explicitly allowed services and hide the real server IP address. In the following slides we will show you how to create a DMZ using the FortiGate Firewall. In our configuration, we will use a single IP address (Internet side) and only the http/https service will be permitted. Keep in mind that you need a static IP address on the Internet facing interface in order to implement a DMZ always reachable from the outside!
  3. 3. CONFIGURING A DMZ To configure a DMZ you should configure an interface to be connected to your DMZ network. Go to System > Network > Interfaces and choose the DMZ facing interface. Only a static IP address should be configured, the remaining part of the configuration will be implemented elsewhere. A DMZ on the FortiGate firewall uses the concept of virtual IP addresses. These objects are a static NAT association between the public IP address and the internal server. Go to Firewall Objects > Virtual IPs > Virtual IPs and create your first Virtual IP (we will need two objects, one for the http service and the other one for the https).
  4. 4. CONFIGURING A DMZ - CONTINUED In the configuration menu give a Name to the virtual IP object and select the Internet facing interface (External Interface). Two more configurations will be needed, there is where the static NAT happens. In our example we have the Internet facing interface with an IP address of 172.29.130.86 and a web server with a private IP address of 192.168.254.2. Checking the Port Forwarding box, we can map the TCP port for the internal service to the TCP port we will expose to the Internet. The same configuration will be needed for the https service: create a new virtual IP object for the new mapping using port 443 instead of 80.
  5. 5. CONFIGURING LOGGING – CONTINUED Now we have to configure a new rule to allow traffic from the outside going to the DMZ. This time the communication session will go from the outside to the inside, so a reverse rule will be needed. Follow the example onto the right in order to configure the policy for the DMZ. As you could see, the incoming interface is the Internet facing one and the source address is “all” (everyone could connect to our server). The destination address is the Virtual IP object we have just configured for http and the service allowed is the same. Add the Virtual IP object and the https service to this rule (using the green plus buttons) in order to allow https also.
  6. 6. MORE NEEDS? See hints on www.ipmax.it Or email us your questions to info_ipmax@ipmax.it
  7. 7. IPMAX IPMAX is a Fortinet Partner in Italy. IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality / price ratio, in the design, installation, commissioning and operation. IPMAX srl Via Ponchielli, 4 20063 Cernusco sul Naviglio (MI) – Italy +39 02 9290 9171

×