This question is against the very grain of my soul, but I have to ask.
In all cases (except this one), I set up very strict security rules to keep the networks I manage safe: very limited ports and services allowed, using web and DNS filters, etc.
I am asked to put in a FortiGate while knowing very little about the network. As best I can describe what I am being told, it should have the look and feel of two residential networks sharing one ISP. I can't make any other assumptions. I really cannot rule out things like custom apps or communications that have the look/feel of a game potentially.
I've started by just allowing all services in the IPv4 policies, with AV, default DNS and SSL set (see attachment).
I will not have any easy access to this location should I need to adjust or correct for anything. And the location owner would be very demanding in something being addressed with all haste (this is as diplomatically as I can put that). They have absolutely no concepts of networks, much less network security.
Can anyone take pity on me and offer some suggestions of things to deny? Or should I just leave them to their own devices?