Fortinet

FortiFocus - Virtual IPs

This post focuses on the Virtual IPs section of the FortiGate. I've learnt something here that is not obvious behaviour, one of those 'remind me later' moments I've encountered.

VIPs are essentially Destination Network Address Translation (DNAT) objects. For sessions matching the VIP, the destination address is translated. Let us go through some examples.

In the diagram above, all connections going out from 10.10.10.10 will use 203.0.113.22 as their source address, not 203.0.113.10.

Now, this is where it gets a bit tricky and deviates from default firewall behaviour. With the firewall policy below, we would assume that no connections are allowed to the LAN (internal_network), but VIPs live up to their name (very important IP) and users can still reach the web server even though the deny policy is at the top of the list.
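An added configuration example (not from the original post) showing the situation above in FortiOS CLI terms: the VIP object and the top deny policy, with the per-policy `match-vip` setting that makes a deny policy evaluate VIP (DNAT) sessions instead of being skipped for them. The addresses are the ones in the post; the interface names wan1/internal, the object names and the policy IDs are assumed.

```fortios
# Constructed FortiOS configuration (interface and object names assumed).
config firewall vip
    edit "web_server_vip"
        # Inbound: 203.0.113.22 is translated to the internal web server.
        set extip 203.0.113.22
        set extintf "wan1"
        set mappedip "10.10.10.10"
    next
end

config firewall policy
    edit 1
        set name "deny_inbound_to_lan"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "internal_network"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
        # Without this line the deny policy is not consulted for sessions
        # that matched a VIP, so the policy below still lets traffic through.
        # With it, VIP sessions are evaluated here first and denied.
        set match-vip enable
    next
    edit 2
        set name "allow_web_vip"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        # The VIP object is the destination; this is the policy that
        # admits the DNAT'd session to the web server.
        set dstaddr "web_server_vip"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

To confirm what a given session actually matched, check the policy ID recorded in the traffic log for that session rather than reasoning from policy order alone.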


SSL Inspection: Forti Focus

Often we come across a website whose certificate does not match the site. The browser presents a warning and the option to proceed at your own risk; the image below is quite common.

Many applications and websites use SSL encryption correctly: the traffic goes through a Secure Sockets Layer (SSL) tunnel and is encrypted. However, there are risks associated with its use, since encrypted traffic can be used to get around network defences. In common cases, users can unknowingly download a malicious file during an e-commerce session, or a phishing attachment can arrive in a secure email. Because the traffic is encrypted, it can bypass the network's security measures. To protect against the threat, SSL inspection holds the key to unlock the sessions, examines the packets to find possible threats and blocks them.

When deep inspection is used, the FortiGate impersonates the recipient of the originating SSL session, then decrypts and inspects the content. After successful inspection, it re-encrypts the content and creates a new session between the FortiGate and the recipient. A certificate from the FortiGate's own repository is used to re-encrypt the content.

There are two methods of deployment used for SSL inspection.

  • Multiple clients connecting to multiple servers - This uses a CA certificate and is applied to outbound policies destined for unknown servers or websites.
  • Protecting an SSL server - This uses a server certificate and is typically used for inbound policies.

