Topic Thread

Next Generation Firewall (NGFW)


FG301E IPS mode

  • 1.  FG301E IPS mode

    Posted 12-26-2018 22:45
    Hi all,

    I need to replace my current Cisco ASA-IPS with an FG301E Bundle with IPS service. I have multiple contexts on my current setup and I need to know if this device supports fail-open on some interfaces. Has anyone deployed this device as an IPS?

    Thank you,

    Denilson

    ------------------------------
    Denilson [LastName] [Designation]
    Mr
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------


  • 2.  RE: FG301E IPS mode

    Posted 01-02-2019 02:24
    Hello,

    What do you mean by "fail-open" on interfaces? Could you please give more details about your context or problem?

    Because "fail-open" is configurable, but maybe we are not talking about the same thing.

    Thanks a lot.

    Best regards,

    ------------------------------
    Yohann [LastName] [Designation]
    Systems / Network Engineer
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 3.  RE: FG301E IPS mode

    Posted 01-02-2019 08:14
    Edited by Deepak Kumar 01-02-2019 08:21
    Hi,
    I hope it is on a global (VDOM) basis.

    ------------------------------
    Deepak Kumar
    First Option General Trading LLC
    Dubai
    ------------------------------



  • 4.  RE: FG301E IPS mode

    Posted 01-02-2019 11:02
    Hi Deepak,

    Thank you for your comment, and yes, fail-open is the same as bypassing traffic without inspection in case of failure.

    For context mode, is it possible to assign more than one interface to each context even if they are working in cluster mode?

    I have two routers: one brings the internet signal and the other brings MPLS. The reason for the VDOMs is to accommodate both flows.

    For vdom-a (internet) I want to assign interfaces 1, 2, 3, and for vdom-b (MPLS) assign interfaces 4, 5, 6.

    Vdom-a: interface 1 is connected to the internet router (uplink); interfaces 2, 3 connect to the firewall for internet purposes (downlink).

    Vdom-b: interface 4 is connected to the MPLS router (uplink); interfaces 5, 6 are connected to the firewall for MPLS purposes (downlink).

    Can I setup like this?

    Thank you,






  • 5.  RE: FG301E IPS mode

    Posted 01-02-2019 08:17
    Yes,
    Fail-open will work.
    https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/IPS/Configure%20IPS%20options.htm

    ------------------------------
    Deepak Kumar
    First Option General Trading LLC
    Dubai
    ------------------------------