- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- penetration testing + fortigate
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
penetration testing + fortigate
hello everybody : i'm a student in the third year of a bachelor degree called : professional engineering degree in security ,network ,system .
i have a task to do with 2 classmates related to fortigate and pen.testing that we didn't study ,but later in june we will study the subject of pen.testing .
my question is , how can make an architecture ( PCs , routers , switches , firewalls , etc ) related to each others , then after a in-depth analysis of the architecture + pen.testing , use fortigate to secure the plateform (firewalls , vpn ,antivirus ) and also give the pros and cons that allow me to use fortigate rather than other firewalls , somebody can give me details to make such a good project , and also give me good advises to mix pen.testing and fortigate ?
N.B : Subject that i studied previously in this third year : CCNP (Routing,Switching) , Administation of windows server, Redhat (terminal commands , securing the plateform, administation) ,microsoft SQL Server , Vmware virtualization and cloud computing ,Comptia security + , ITIL , ISO 27001, ISO 27002 . Subject that i will study very soon : CCNP security , Ethical hacking and cybersecurity , management of a project .
kind regards
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I were your prof. I would have specifically instructed my students not to seek any help from professional communities like this forum (I would call it "cheating" ;), but look for information (documentations, articles, etc.) available on the internet, then build up your own knowledge how to build a secure network. I don't think your prof. is expecting much before entering the pen.test subject in deep.
I would suggest just search, like firewall concept, public network (aka. Internet) vs. private network, outside (untrusted) network vs. inside (trusted) network, and so on.
Since you've learnd switching already, you know how to use a switch with all other devices like PCs. Then in your case the FW(FortiGate) would be the routing (Layer 3) device in the routing&switching scheme.
Then the rest of your network architecture should come out naturally, unless your physical Internet connection is special and not come with a form of ethernet. There are countless of examples for how to set them up available on the internet as well.
For Pros&Cons of FGT or other FWs, it's quite difficult subject even for whom works for security networks with FW appliances for years. Even if known, most in this community wouldn't talk about it, otherwise it would be "politically incorrect". Just try your best searching on the internet. You might end up finding some in this forum's archive though.
Good luck.
Toshi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not sure what your asking but pentesting the fortigate vrs the application or host is not the same thing.
As far as architect, yes a firewall ( fgt or any other ) , secures the host behind them. So are you asking for a topology and what the fortigate does that's different from vendor XYZ model?
Also have you looked at fortiguard pentest papers or services? You might get some answers from them, & if you can find the material. Your best bet would be to speak to SE from an local partner for details, or a MSSP that specialize in this area and with fortigates and pentests. Other ideals would be to run metasploit and see and witness what happens and logs that are generated when full IPS and SSL decryption is enabled.
Alternatively you can try to get the forcepoint evader and run that thru or find the numerous post or youtube videos of it vrs panw vrs ftnt etc....They run these test supposedly using the later IPS updates and are suppose to be unbiased and use tricks to evade detection by the firewalls.
Ken Felix
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Related Posts
Labels
-
FortiGate
6,526 -
FortiClient
1,301 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
241 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.