FortiGate
Fortinet NGFW
1. What FortiGate Does
Traffic Control, Threat Prevention, VPN, SD-WAN, Segmentation & Visibility on a single platform.
Remote User ───┐
               ├── Internet ── ISP/Edge Router ── WAN1 (Primary)
Branch Office ─┘                                  WAN2 (Secondary)
                                                    │
                                      FortiGate NGFW HA Cluster
                                   FG-1 (Active) ←→ FG-2 (Passive)
                                                    │
                                   Core Switch / Distribution Layer
                                      ├── Users VLAN
                                      ├── Servers VLAN
                                      ├── DMZ
2. Security Capabilities
| Capability | Description |
|---|---|
| Stateful Firewall | Tracks connections and sessions |
| IPS | Intrusion Prevention System |
| Antivirus | Malware prevention |
| Web Filtering | Controls web access |
| Application Control | Identifies and controls apps (L7) |
| SSL/TLS Inspection | Decrypts and inspects encrypted traffic |
| DNS Filtering | Blocks malicious DNS queries |
| Threat Intelligence | Real-time threat feeds |
3. Networking
Routing & Switching
Static & dynamic routing, NAT, VLANs, SD-WAN
High Availability
HA clustering, Policy-Based Routing, Traffic Shaping, Multi-WAN
4. Connectivity
- SSL VPN — Secure remote access via browser
- IPsec VPN — Site-to-site VPN
- Site-to-Site VPN — Branch connectivity
- Remote Access VPN — User remote access
- SD-WAN — Secure branch links
5. Deployment Modes
| Mode | Description |
|---|---|
| L2 Transparent | Inline bridge deployment (Layer 2) |
| L3 Routed | Default enterprise deployment (Layer 3) |
| L4 Stateful | Tracks connections (TCP/UDP/ICMP) |
| L7 Application | Identifies and controls apps |
6. Traffic Flow
Decision Pipeline
Identify → Inspect → Apply Policy → Allow/Block → Route → Log
Internet-bound
User Traffic → Identify → Inspect → Policy → NAT/IPS
Inbound Services
Internet → DNAT/VIP → IPS → Security Profiles → Allowed
Remote Access VPN
Remote User → SSL/IPsec → Auth → Internal Resources
Internal Segmentation
VLAN → Inter-VLAN Policy → East-West Inspection