This video shows a simple firewall policy rule you can apply to your fortigate firewall to protect your network from a significant amount of malicious traffic.
Firewall has implicit deny for any traffic that comes from outside. Unless you have changed this by simply adding WAN as your source int and your internal interface as dest int. If you are referring to: what happens if a user tries to download a virus, When you create a security policy to allow outbound traffic from the internal network to the WAN, and if you have applied the antivirus security profile to that policy, it will protect against downloading malware or virus-infected files from the Internet to your internal network.
The basic rule of a firewall is to block traffic. So any attempts to connect to this firewall from outside to inbound is automatically blocked, unless a policy is created to allow it.
I know that there is an implicit deny rule at the bottom, but I am always doing a similar rule with known bad categories (and also with added third party feeds of known bad IP) an place it as the first firewall policy. It adds a little more security and it prevents known bad IP’s to hit your allowed inbound rules, e.g. a webserver.
Excellent tip, thanks for sharing it. Just one question with regards to the source address, any reason why you have selected all your vLAN/Addresses instead of All -> SpamDestination = Deny?
Two reasons. 1> When your firewall inspects traffic, it uses the firewall's processing resources. Those processing resources need to be managed with intentionality to your configuration. So It makes no sense to inspect literally every interface if there are interfaces where this inspection rule will never matter and have no benefit. Which ones are those? Well for one, the WAN interfaces do not need to be subjected to inspection of inbound traffic to malicious destinations that will never exist inside your network (or through it). That's an example of a hypothetical scenario where this would rule would not help by choosing "any". 2> Most firewall configurations do NOT have the multiple interfaces feature visible where you get to choose multiple source interface as well as the "any" source interface. so if I selected "any", ppl be like "it's not an option in my fw".
This is a next-gen Firewall which requires a subscriptions in order to keep up to date with worldwide threat intelligence. Threats are being created all the time, everyday. A subscription on your firewall allows it to receive this intelligence as soon as it's available. It's not enough to do classic firewall anymore. Threat intelligence is KEY to your firewall's ability to protect it's network from attacks. New Botnet domains are being created literally every moment of every day.
I do! Probably a combination of being in the Northeast where people just talk faster up here than many other parts of the world, and my 3rd cup of coffee contributed, and my desire to keep the video short. On a positive note, youtube lets you change speed of videos. I often find myself speeding up videos.
