Best Practices for the Fortigate Firewall

Good habits for the FortiGate firewall: the idea here is to share with the blog's readers some important tips from the manufacturer so that you can make the most of your firewall.

Initial considerations:

For security reasons, NAT mode is preferred, because all internal networks and DMZs can then use private addresses that are not directly reachable from outside. This recommendation comes from Fortinet's own documentation.

If you still have doubts about NAT mode, check out this other post we created to help you.

Another important tip from Fortinet: as a rule, use virtual domains (VDOMs) to group related interfaces or VLAN subinterfaces.

Besides VDOMs, consider transparent mode when a network is complex and does not allow changes to the IP addressing scheme.

Disable all the management features you don't need.

Above all, if you do not need SSH or SNMP, disable them. SSH in particular is one more entry point that a potential attacker can try.

First of all, put the most used firewall rules at the top of the policy list, since policies are matched from the top down. Also, log only the traffic you actually need.

Writing logs, especially to the internal hard disk, reduces performance. As alternatives, the manufacturer itself offers cloud logging and dedicated logging appliances.

Enable only the required application inspections in the FortiGate firewall

First, keep alerting to a minimum. If you already send logs to a syslog server, you may not need SNMP traps or e-mail alerts as well; they only duplicate the processing.

Second, schedule FortiGuard updates at a reasonable frequency.
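As an added example (it is not part of the original post, nor Fortinet's own material), the following Python script turns three of the recommendations above into checks against a FortiOS configuration backup: interfaces whose allowaccess setting still enables SSH or SNMP, firewall policies that log every session instead of only UTM events, and whether the FortiGuard update schedule is enabled. The configuration text is constructed for the example; allowaccess, logtraffic and autoupdate schedule are real FortiOS keywords, but the set of permitted management protocols and the flat config layout the parser accepts are assumptions you would adapt to your own environment.

```python
import shlex

# Constructed sample of a FortiOS configuration backup; it is not from a real
# device and only uses the flat 'config / edit / set / next / end' structure.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping https ssh snmp
    next
    edit "port2"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https
    next
end
config firewall policy
    edit 1
        set name "lan-to-wan"
        set action accept
        set logtraffic all
    next
    edit 2
        set name "catch-all-deny"
        set action deny
        set logtraffic utm
    next
end
config system autoupdate schedule
    set status disable
end
"""

# Management protocols we are willing to leave enabled on an interface
# (assumption for this example: the GUI over HTTPS plus ping for reachability).
ALLOWED_MGMT = {"https", "ping"}


def parse_fortios(text):
    """Parse a flat FortiOS config dump into
    {section: {entry: {setting: [values]}}}.
    Sections without 'edit' blocks keep their settings under entry None.
    Nested 'config' blocks inside an 'edit' are not handled here."""
    sections = {}
    section = None
    entry = None
    for raw in text.splitlines():
        tokens = shlex.split(raw.strip())
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd == "config":
            section = " ".join(args)
            sections.setdefault(section, {})
            entry = None
        elif cmd == "edit" and section is not None:
            entry = args[0]
            sections[section].setdefault(entry, {})
        elif cmd == "set" and section is not None:
            sections[section].setdefault(entry, {})[args[0]] = args[1:]
        elif cmd == "next":
            entry = None
        elif cmd == "end":
            section = None
            entry = None
    return sections


def find_exposed_management(sections):
    """Return {interface: [extra protocols]} for every interface whose
    'allowaccess' enables more than ALLOWED_MGMT (ssh, snmp, http, telnet...)."""
    findings = {}
    for name, settings in sections.get("system interface", {}).items():
        extra = sorted(set(settings.get("allowaccess", [])) - ALLOWED_MGMT)
        if extra:
            findings[name] = extra
    return findings


def find_full_logging_policies(sections):
    """Return the IDs of policies that log every session ('set logtraffic all'),
    the setting that costs the most disk I/O when logging locally."""
    return [pid for pid, s in sections.get("firewall policy", {}).items()
            if s.get("logtraffic") == ["all"]]


def fortiguard_schedule_enabled(sections):
    """True when 'config system autoupdate schedule' has 'set status enable'."""
    sched = sections.get("system autoupdate schedule", {}).get(None, {})
    return sched.get("status") == ["enable"]


if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    for iface, extra in find_exposed_management(cfg).items():
        print(f"{iface}: unneeded management access enabled: {' '.join(extra)}")
    for pid in find_full_logging_policies(cfg):
        print(f"policy {pid}: logs all sessions; consider 'set logtraffic utm'")
    if not fortiguard_schedule_enabled(cfg):
        print("FortiGuard scheduled updates are disabled")
```

Run it against the text of a real backup (replace SAMPLE_CONFIG with the file contents) and it reports port1 for exposing SSH and SNMP, policy 1 for logging all sessions, and the disabled update schedule. The parser deliberately stays simple; a production backup also contains nested config blocks inside edit entries, which this example skips.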

Help function in the FortiGate firewall CLI

According to the manufacturer's cookbook, to display brief help while entering a command, press the question mark (?) key in the firewall's CLI.

  • First, press the question mark (?) key at the command prompt to display a list of available commands and a description of each.
  • Then, press the question mark (?) key after a command keyword to display a list of objects available with that command and a description of each.
  • Finally, type a word or part of a word and press the question mark (?) key to display a list of valid word completions or subsequent words, together with a description of each.

Shortcuts and key commands in the FortiGate firewall CLI

  • ? : List valid word completions or subsequent words. If multiple words could complete your entry, all possible completions are displayed with a helpful description of each.
  • Tab : Complete the word with the next available match. Press the key multiple times to cycle through the available matches.
  • Up arrow, or Ctrl + P : Recall the previous command. Command memory is limited to the current session.
  • Down arrow, or Ctrl + N : Recall the next command.
  • Left or Right arrow : Move the cursor left or right within the command line.
  • Ctrl + A : Move the cursor to the beginning of the command line.
  • Ctrl + E : Move the cursor to the end of the command line.
  • Ctrl + B : Move the cursor backwards one word.
  • Ctrl + F : Move the cursor forwards one word.
  • Ctrl + D : Delete the current character.
  • Ctrl + C : Abort current interactive commands, such as when entering multiple lines. If you are not currently within an interactive command such as config or edit, this closes the CLI connection.
  • \ then Enter : Continue typing a command on the next line for a multi-line command. For each line that you want to continue, terminate it with a backslash (\). To complete the command line, terminate it by pressing the spacebar and then the Enter key, without an immediately preceding backslash.
