Fortigate VS Russia

Right now, some little HA cluster of two Fortigate routers helps some IT company in Ukraine to defend against attacks from “Russian Federation”. Yes, the war is not only IRL but also on the Internet.

Shit. Russia knocks on the door at my company every 5 minutes.

Fortinet firewalls are mysteriously rarely mentioned in opsec reports for exploits and vulnerabilities. I’ve seen the list of CVEs by OS version myself but rarely are they making the news for fuck-ups. Even when a serious vulnerability is reported in an EOL product, Fortinet will often release a firmware to fix the problem anyway.

In contrast to many other brands, Fortinet (seems to) have their shit together.

When it comes to local-in policies and IP policies in general, a properly configured Fortigate really knows how to tell the internet ‘NO’.

Cyber-warfare vs Kinetic-warfare.
And yah, I’m pushing to build a better geo-fence at my work as a small part of a larger defensive architecture plan.

We believe in you little Fortigate cluster.

I’ve had a “No Russia” firewall rule enabled on my Fortigate for years. Also a “No China” rule. And a few Russian client states like Belarus are firewalled off too.

We don’t have any customers in those countries and no intention of doing business in those countries, and there’s nothing our people need that’s in those countries. All I get is attacks against my Fortigate from those countries. Bah, not gonna. BLOCK!

(Note – I am *not* in Ukraine. But Russian ops have been underway against most Western countries for at least a decade now. So.)

Guess it’s a little harder to block Russia entirely when they’re right next door and not across the globe.

If it’s configured right it will sit there and protect you without breaking a sweat. Be sure to read the hardening guide and follow it as far as possible.

I see what you did there…

Russia was always in my blacklist for every device and rule.

I had Russia, China, Syria, Iran, Iraq, Afghanistan, N. Korea in a local-in policy both directions. FGT drops that traffic without breaking a sweat. I think Ukraine is also in the list. Looks like I’ll be adding Belarus to it next.

We geoblock shady countries per default, sadly we see a lot of attacks from the Ukraine as well (before the war) so they are also blocked.

How do you go about creating a geo block with Fortinet? When I called support to do this, they just pointed me to the block policy that is default and said that’s all you need.

I want a geo block to knock out any botnets or DNS calls from compromised internal assets, if any.
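A FortiOS CLI geo block of the kind asked about above, added here as an example and not posted by anyone in the thread. The interface names (`wan1`, `internal`), object names, policy IDs and the two country codes are assumptions; the local-in policy covers traffic addressed to the FortiGate itself, and the firewall policy covers outbound traffic from internal hosts.

```fortios
# Added example. Names, interfaces and IDs below are assumptions.
# 1. Geography address objects, one per country code.
config firewall address
    edit "geo-RU"
        set type geography
        set country "RU"
    next
    edit "geo-BY"
        set type geography
        set country "BY"
    next
end
# 2. Group them so every policy references a single object.
config firewall addrgrp
    edit "geo-blocked"
        set member "geo-RU" "geo-BY"
    next
end
# 3. Local-in policy: drop traffic from those countries that targets
#    the FortiGate itself (admin GUI, SSL VPN, IPsec) on the WAN side.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "geo-blocked"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
        set action deny
    next
end
# 4. Firewall policy: drop and log outbound sessions from internal
#    hosts to those countries (for example botnet or DNS callbacks).
config firewall policy
    edit 10
        set name "deny-out-geo"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "geo-blocked"
        set service "ALL"
        set schedule "always"
        set action deny
        set logtraffic all
    next
end
```

Firewall policies are matched top-down, so the deny policy has to sit above any policy that allows the same traffic. The logged hits on the outbound rule are also a useful signal for finding internal hosts that keep trying to reach the blocked ranges.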

Have you got a source for this information?

Yeah we blocked Russia and China. I think most places do.

Edit: Among other stuff, of course.

We blocked all traffic to and from every country we don’t do business with. I punch holes where necessary.

man this comment did NOT age well

Yeah, it’s a big pain in the ass. I wish that country had never existed.

But unfortunately FGT cannot protect Ukrainians from the rockets and bullets.

For the real attack, any firewall is nothing.