Enterprise FW 01 Introduction To Network Security Architecture
FortiOS 7.2
© Copyright Fortinet Inc. All rights reserved. Last Modified: January 23, 2024
Objectives
• Describe the enterprise firewall solution
• Explain the network security reference architecture and the Fortinet products it
comprises
• Describe the roles of firewalls and their placement in the network
• Understand FortiOS workspace mode
Evolution of the Enterprise Network
• Networks are no longer flat and one-dimensional
  Segmentation: Protecting only the perimeter is not enough
• Enterprises must protect against a range of constantly evolving threats
  Protection: Zero-day attacks, advanced persistent threats (APT), polymorphic malware, insider threats, and much more
Security-Driven Networking
[Figure labels: Networking, Security, Proxy, Location, SWG, Devices, Software]
Network Segmentation Key Requirements
• Edge threat protection
• Full inspection to prevent security threats
• Network segmentation
• Lateral threats movement with internal
[Figure: Data Center Deployment. Labels: Internet, MPLS, Database segment, Clean traffic, Malicious traffic]
Firewall Roles in the Enterprise Firewall Solution
Firewall Role | Purpose | Deployment Layer | Target Throughput | Typical Features Deployed
Workspace Mode
• Start workspace mode:
  • execute config-transaction start
  • Configuration changes are made in a local CLI process that is not viewable by other processes
• Abort configuration changes:
  • execute config-transaction abort
  • If changes are aborted, no changes are made to the current configuration
• Commit configuration changes:
  • execute config-transaction commit
  • After committing, the changes are available for all other processes and the kernel
[Flowchart: Start workspace transaction -> Make FortiOS configuration changes -> Revert/edit FortiOS configuration changes -> Commit/abort workspace transaction]
Lab 1—Introduction to Network Security Architecture
• Integrate ISFW port3 to a software switch
• Migrate all port3 settings to the new interface
• Merge NGFW port1 and port2 to SD-WAN
• Enable SD-WAN
• Update firewall objects to point SD-WAN instead