Basics of Network Security – FortiGate and Beyond

Dipali BhaleraoDipali Bhalerao
4 min read

Table of contents

Welcome back!
In this series, Packets and Protocols, I’m taking you on a complete journey through real-world networking and security, based on hands-on experience with FortiGate firewalls, enterprise routing, VPNs, SD-WAN, ZSCLAR, SIEM, and SOAR solutions.

Here's What You’ll Learn – Module by Module:

Module 1: FortiGate Security Essentials

Get started with security fundamentals and understand how to harden a network from the edge:

  • Initial firewall setup & interface configuration

  • Deploying Fortinet’s Security Fabric

  • Crafting firewall policies and NAT rules

  • Enabling user authentication and access control

  • Web filtering and application control

  • Antivirus, IPS, DoS protection

  • SSL VPN deployment for remote users

  • Logging, monitoring, and certificate management

Module 2: FortiGate Infrastructure & Advanced Features

Dive deeper into core networking elements and FortiGate's role as a flexible infrastructure component:

  • Static & dynamic routing configuration

  • Implementing SD-WAN local breakout

  • Configuring Virtual Domains (VDOMs) for multitenancy

  • Layer 2 switching scenarios

  • Building robust IPSec VPNs

  • Fortinet Single Sign-On (FSSO)

  • Enabling High Availability (HA)

  • Troubleshooting with FortiGate diagnostic tools

Module 3 : Centralized Authentication & Identity Services

This module focuses on integrating FortiGate and enterprise networks with centralized authentication systems — a crucial component of secure access control.

Topics Covered:

  • Overview of AAA (Authentication, Authorization, Accounting)

  • Understanding centralized identity architecture

  • LDAP Integration with FortiGate

    • Bind DN setup

    • User group mapping

    • Policy-based user filtering

  • RADIUS Authentication

    • Setting up RADIUS servers

    • Assigning user roles via attributes

    • CLI and GUI config examples

  • TACACS+ Integration

    • Command authorization for admin control

    • Role-based CLI access

  • Real-world use cases:

    • MFA integration (e.g., FortiToken, DUO, MFA)

    • Role-based firewall access via AD groups

    • Troubleshooting auth logs and debugging failures

Module 4: Enterprise Firewall and Secure Network Architecture

This module focuses on enterprise-level implementations and advanced configurations:

  • Understanding FortiOS architecture

  • Live traffic/session analysis

  • Routing strategies within complex environments

  • FortiGuard services for threat intelligence

  • Centralized firewall management

  • Routing Protocols:

    • OSPF (Open Shortest Path First)

    • BGP (Border Gateway Protocol)

  • Advanced Web Filtering and Intrusion Prevention System (IPS)

  • IPSec and Auto-Discovery VPN (ADVPN)

Module 5: SD-WAN & Intelligent Traffic Management

Learn to build scalable, performance-optimized WAN infrastructures using Fortinet’s SD-WAN:

  • Introduction to SD-WAN concepts

  • Deep-dive into routing, sessions, and performance SLAs

  • Crafting SD-WAN rules for intelligent path selection

  • Traffic shaping, quality of service (QoS)

  • Integrating with other Fortinet services

  • Implementing Advanced IPSec

  • Secure, scalable deployment using ADVPN

Module 6: Cloud Security with Zscaler Integration

Zscaler Basics

• Introduction to ZIA (Zscaler Internet Access) and ZPA (Private Access)
• How Zscaler enhances cloud-based security

Firewall Integration

• Forwarding traffic from FortiGate to Zscaler
• Proxy chaining & PAC file usage
• Policy-based and static routing to Zscaler

Tunnel Deployment

• GRE and IPsec tunnel configuration from firewall to ZEN nodes
• Routing internet-bound traffic via Zscaler tunnel
• SD-WAN integration with Zscaler tunnels

Identity Integration

• User authentication via LDAP, SAML, SCIM
• XFF headers and user mapping
• Role-based policies and identity-aware filtering

Logging & Monitoring

• Real-time traffic logs in Zscaler portal
• Integration with FortiAnalyzer / SIEM via API
• Tunnel health, policy hits, and threat analytics

Use Cases

• Cloud proxy for remote and mobile users
• Secure local breakout for SaaS apps
• Extending FortiGate perimeter with cloud filtering

Module 7: OT (Operational Technology) Security

Dive into securing industrial and operational networks, which are becoming high-risk targets:

  • Fundamentals of OT infrastructure

  • Securing OT systems using segmentation and micro-segmentation

  • Validating and authenticating OT users

  • Using FortiGate to inspect and secure OT traffic

  • OT visibility with:

    • FortiSIEM

    • FortiAnalyzer

    • FortiNAC

    • Event correlation and real-time security alerts

Module 8: FortiSOAR – Automation & Incident Response

Learn to design automated security workflows using Fortinet’s Security Orchestration, Automation, and Response platform:

  • FortiSOAR design principles

  • Building custom playbooks

  • Connecting security tools across the environment

  • Automating threat detection, response, and reporting

📌 Follow me on Hashnode & LinkedIn for weekly updates.

3
Subscribe to my newsletter

Read articles from Dipali Bhalerao directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Packets and Protocolnext generation firewallFortigateFortinet networkingSD-WANzscaler

Written by

Dipali Bhalerao
Dipali Bhalerao

👋 Hello, I’m Dipali! 👀 I like sharing my technical journey through writing. My main goal is to clearly share what I learn, the problems I face, and how I solve them as I explore new technologies and work on real-world projects.