29 November 2021

Fortinet FortiSwitch - Secure Simple Scalable

There are several challenges at the access layer today. On one hand, the number of devices keeps growing. On the other hand, threats are increasingly complex and breaches more common. In addition, IT management is complex, and personnel are scarce and expensive. As a result, legacy Ethernet LANs are at capacity, standard network designs have to add a new security layer, and the added complexity increases the time to resolve issues. Fortinet FortiSwitch helps us deploy and manage a secure, simple, scalable model for Ethernet access.

Most network administrators want to manage the whole network easily. They have lots of switches to manage, and they also want visibility into what just happened. This is really difficult to achieve with the CLI; instead, we should use a network controller with a GUI, like FortiGate. Thanks to FortiLink, we can manage Fortinet switches and Fortinet access points centrally from a single web interface. What's more, FortiLink works at layer 2 and also at layer 3, which means we can manage FortiSwitches from the FortiGate controller when they are in the same network (L2) and also when they need routing (L3) to reach each other.

FortiSwitch Deployment Options

There are lots of topologies we can deploy with FortiSwitches. We can deploy a basic one with a single FortiSwitch or a much more complex topology with MCLAG pairs and a FortiGate HA Active/Passive cluster. When we deploy a FortiGate HA pair and multiple switches in a star topology, we can configure an active FortiLink and also a standby FortiLink for redundancy. However, if we deploy a ring topology, we can easily see from the Security Fabric which InterSwitchLink (ISL) is in the STP discarding state.

FGT HA A/P with Two 1st-tier MCLAG Pairs

Security-Driven Networking enables the convergence of security and network access and thus extends security to the access layer. For instance, switches and APs can automatically quarantine a malicious device at the access layer to minimize attacks. We can also configure micro-segmentation to keep attacks from spreading over the LAN. Dynamic VLAN assignment and 802.1X policies are two more really useful security features that can be applied to FortiSwitches from FortiGate.

FGT NAC Policy

Managing switches and APs from FortiGate is great, but when we have a lot of devices to manage, we need something else. FortiManager helps us in large-scale deployments because we can easily assign templates and authorize, restart and upgrade all managed switches. In addition, we can assign VLANs and port properties such as 802.1X policy, PoE, DHCP Snooping, STP properties, IGMP Snooping, etc. Therefore, FortiManager is the best solution for large deployments.

FortiSwitch Manager Module - Managed Switches

To sum up, network administrators are scarce and expensive, and most of them have lots of tasks to do daily. They want an easy way to manage all access devices from a single web page. In addition, security is already a must in the company. From my point of view, FortiSwitches are a good solution for all of them.

Regards my friends! How are you managing your switches?

22 November 2021

F5 BIG-IP APM – Configuring App Tunnels

I really like F5 BIG-IP APM because it has lots of use cases. We can use APM as a secure access portal with lots of resources such as SAML Resources, Webtop Links, Single Sign-On configuration, etc. We can also use APM as an SSL VPN in web mode or tunnel mode. In addition, thanks to the Visual Policy Editor (VPE), it's really powerful and makes it easy to configure application access from a security perspective.

This week, I’ve been working with the application tunnel feature, where I’ve had to configure access to several apps through a tunnel. We didn’t want to use Network Access, so the application tunnel fits the requirement. The next video shows how to configure a basic app tunnel to access the F5’s management interface. The configuration is the same for other internal resources such as SSH or Webmail services.

Regards my friends! Did you know the App Tunnel feature?
