Kiyoshi Kodama, SE Japan 07-Oct-2008

Presentation transcript:

Internal test: Confidential
Fortinet Japan

Does IPS load-balance work with HA A-A configuration?

Kiyoshi Kodama, SE Japan, 07-Oct-2008

Fortinet Confidential: IPS load-balance with HA A-A

Contents

Test purpose
I received a question from a partner that the FortiGate product doesn't support the IPS load balance feature with HA A-A configuration. I would like to run an evaluation test to clear up that point for them for a government project.

Configuration
- 2 x FortiGate 60B v3.00,build0726 (MR7)
- NAT mode
- Client PC connects to the DMZ port.
- Target server connects to the WAN1 port.

Test scenarios
1. Set up HA A-A configuration.
2. Enable the IPS and logging features with a Protection Profile.
3. Enable the Protection Profile on the Firewall policy.
4. Install nmap, a port scan tool, on the client PC.
5. Run nmap to send out burst packets to a "single" target server through the FGT.
6. Check the HA status, and also take a look at the attack log on the FGT.

Setup HA A-A configuration

[Network diagram]
- Cluster units: Master, Slave
- DMZ: x.152.180
- WAN1: x.150.180
- PC-1: 192.168.152.182
- Server: 192.168.150.151

Enable IPS and logging features with Protection Profile.

* You need to create an IPS profile under the Intrusion Protection menu before selecting it.

Enable PP on Firewall policy.

Before beginning the test, let's check the Intrusion Detection counter on the Web UI.

Launch the nmap tool on the client PC.
1. Enter the target IP address.
2. Select the scan profile.
3. Click the scan button to run.

Let's wait for the port scan to finish. It will take a couple of minutes.

Confirm that the nmap process has stopped. Go to the HA status menu to check the Intrusion detection counter.

It seems that 6 sessions were handled by the slave device. But the Master device IPS counter wasn't the same as the slave's. WHY? Let's see the attack-log.

[Screenshots: Master, Slave]

Go to the attack-log on both the Master and Slave device. It seems that TCP traffic is load balanced (6 each), but UDP traffic isn't.

- Master: TCP traffic (6), UDP traffic (3)
- Slave: TCP traffic (6)

HA Guide v3.0 MR5:
The primary unit receives all network traffic. All UDP, ICMP, multicast, and broadcast traffic is processed by the primary unit. The primary unit load balances virus scanning traffic, or optionally all TCP traffic and virus scanning traffic, among all cluster units.

I see… TCP traffic is load-balanced by the Master and Slave device. But UDP traffic isn't. That is the reason why the numbers are different…

OK, let's send out TCP traffic only and see how FGT works. Please see the next slide.

FGT does load-balance TCP traffic. (5 each)

[Screenshots: Master, Slave]

Go to the attack-log on both the Master and Slave device. TCP traffic is load-balanced by FGT. It is very clear to me.

- Master: TCP traffic (5)
- Slave: TCP traffic (5)

Summary

FGT does support IPS load balance with HA A-A configuration for TCP traffic. (AV traffic as well)
Partner and Customer will be clear about this point.

Configuration points on this test

Enable the load-balance feature through the CLI:

    # config sys ha
    #(HA) set load-balance-all enable

The traffic is handled by the weighted round robin method. How to configure it:

    #(HA) set schedule weight-round-robin

The weighted round robin load balancing weight to assign to each cluster unit, e.g.:

    # set weight 0 1 …. 10 1

Need more information? -> Please refer to the HA Guide.
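The dispatch rule quoted from the HA Guide and the weighted round robin schedule configured above can be modelled in a few lines to see why the two units report different IPS counts. This is an added example, not code from the presentation or from Fortinet; the unit names, the `distribute` function and the expanded-schedule form of weighted round robin are assumptions of a simplified model, and virus scanning traffic is left out because the test did not generate any.

```python
from collections import Counter
from itertools import cycle

# Traffic classes the HA Guide excerpt says the primary unit always processes.
PRIMARY_ONLY = {"udp", "icmp", "multicast", "broadcast"}


def distribute(sessions, weights, primary="master", load_balance_all=True):
    """Return {unit: {protocol: session_count}} for a list of protocol names.

    weights maps a unit name to an integer weight. The names are
    hypothetical labels; they are not FortiOS identifiers.
    """
    # Expand the weights into a repeating schedule: {"master": 2, "slave": 1}
    # becomes master, master, slave, master, master, slave, ...
    schedule = [unit for unit, w in weights.items() for _ in range(w)]
    if not schedule:
        raise ValueError("at least one unit needs a non-zero weight")
    next_unit = cycle(schedule)

    counts = {unit: Counter() for unit in weights}
    for proto in sessions:
        proto = proto.lower()
        if proto in PRIMARY_ONLY or not load_balance_all:
            # Stays on the primary unit in this model.
            counts[primary][proto] += 1
        else:
            # TCP with load-balance-all enabled: next unit in the schedule.
            counts[next(next_unit)][proto] += 1
    return {unit: dict(c) for unit, c in counts.items()}


if __name__ == "__main__":
    equal = {"master": 1, "slave": 1}
    # Constructed input matching the first run: 12 TCP and 3 UDP events.
    print(distribute(["tcp"] * 12 + ["udp"] * 3, equal))
    # Second run: TCP only.
    print(distribute(["tcp"] * 10, equal))
    # Same traffic as the first run with load-balance-all left disabled.
    print(distribute(["tcp"] * 12 + ["udp"] * 3, equal, load_balance_all=False))
```

With equal weights the model reproduces the counts from both runs; with load-balance-all disabled every event lands on the primary unit.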

Thank you