Author Fortinet/Fortigate
Dom
30th Jan 08 at 17:42

Anyone used any of their products, especially Fortigates? Just wondering what they're like to work with, especially setting up and day-to-day maintenance?

Paul
31st Jan 08 at 00:09

They are AWESOME!

Dom
31st Jan 08 at 12:36

quote:
Originally posted by Paul
They are AWESOME!




Well, they seem to do a lot, but just wondering if anyone here has used them because we need to implement a function: being able to switch off groups of IPs, ideally from outbound connections, whenever the need may be. But so far we've found nothing, only that users can be disabled/enabled, which isn't what we're after - although we could bodge it with cronjobs on a server, SSH'ing into the Fortigate and disabling/enabling rooms based on the users/students currently in there, so we would be doing SQL lookups every time to the timetable DB - one serious bodge.

Paul
31st Jan 08 at 13:00

I used to work with them, what is it you're trying to do?

Dom
31st Jan 08 at 14:33

quote:
Originally posted by Paul
I used to work with them, what is it you're trying to do?


With our current Symantec system we're able to block groups of computers (i.e. rooms), IP based, so the kids can't go on the internet in certain rooms (most classrooms have systems etc). However, with the Fortigate (which gets delivered in a few weeks) we can't find anything in the manuals to state that we can create groups of systems and enable/disable them when required (via IP/computer name).
Instead it seems to be user based, in terms of authentication for the outbound connections (i.e. the internet) - and from reading we're only able to enable/disable users (will be linked in with our Windows AD using FSAE).
Perhaps we haven't read enough of the manual (it's pretty damn big) but we haven't come across anything regarding blocking IP ranges, blocking via computer names or anything to do with blocking actual computers and not users.

Any help will be much appreciated

P.S. - A quick thought, can we block internal addresses using firewall policies (preferably computer names as systems are on dynamic IPs)?

[Edited on 31-01-2008 by Dom]
Paul
1st Feb 08 at 15:04

You can set up policies on the Fortigates to firewall certain ports, yes. You can also put in schedules so certain rules only apply at certain times of day. I believe you can have a policy that looks something like this:

TCP 80 | 192.168.1.0/24 | Mon 9-5

If you don't mind me asking, where did you buy it from?

[Edited on 01-02-2008 by Paul]
Dom
1st Feb 08 at 21:12

quote:
Originally posted by Paul
You can set up policies on the Fortigates to firewall certain ports, yes. You can also put in schedules so certain rules only apply at certain times of day. I believe you can have a policy that looks something like this:

TCP 80 | 192.168.1.0/24 | Mon 9-5

If you don't mind me asking, where did you buy it from?

[Edited on 01-02-2008 by Paul]


So we can block a range of internal IPs? Is it possible to group IPs and then enable/disable that policy for that group?

We're getting given them from the Hertfordshire council schools network (basically a county-wide network between all of the schools in the area - so our leased line runs through county hall, aka thegrid.org.uk) because the license for Symantec (what the network currently runs on, their end) is running out, so all schools are being given Fortigate-300As (that's what I've been told so far anyway).
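
Added example, not part of the thread and not Fortinet's own documentation: the scheduled policy Paul sketches (TCP 80 | 192.168.1.0/24 | Mon 9-5), written as FortiOS CLI with the rooms collected into an address group so one policy can be switched on or off per group. The room names, the second subnet, the interface names `internal` and `wan1`, the schedule name and the policy ID are assumptions, and it assumes each room's machines get addresses from their own known range (address objects match on IP, not on computer name).

```fortios
# Constructed example: object names, interfaces, policy ID and room-14's
# subnet are assumptions; 192.168.1.0/24, HTTP and Mon 9-5 come from the thread.

# One address object per room (requires each room to sit in its own range,
# e.g. via per-room DHCP scopes or reservations).
config firewall address
    edit "room-12"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "room-14"
        set subnet 192.168.2.0 255.255.255.0
    next
end

# Group the rooms that should lose internet access together.
config firewall addrgrp
    edit "rooms-no-internet"
        set member "room-12" "room-14"
    next
end

# Recurring schedule: the deny rule is only active in this window.
config firewall schedule recurring
    edit "mon-9-5"
        set day monday
        set start 09:00
        set end 17:00
    next
end

# Deny outbound web traffic from the group during the schedule.
# Policies are matched top-down, so this must sit above the general
# allow policy for the same interface pair.
config firewall policy
    edit 10
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "rooms-no-internet"
        set dstaddr "all"
        set schedule "mon-9-5"
        set service "HTTP"
        set action deny
        set status enable
    next
end
```

Switching the block off for the whole group is then a single change to policy 10 (`set status disable`), or a room can be taken out of the group without touching the policy.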