Welcome to WebProNews Breaking eBusiness and Search News
Advertise | Newsletter | Sitemap | News Feeds News Feed 
 WebProNews Search Part of the iEntry network iEntry inc. 

Fortinet Firewall Transparent Mode

A.P. Lawrence
Expert Author
Published: 2007-04-19

WebProNews RSS Feed


The Fortinet 50A is a firewall router designed for 10 users or less (this is an older model, now replaced by the 50B).

Out of the box, it is configured as a NAT DHCP device at 192.168.1.99. I simply plugged my Mac Powerbook into the Fortinet's "internal" port, refreshed my TCP/IP, and was able to use a browser to connect to the firewwall.

The browser configuration is easy to use and had no surprises. I could have also used ssh - I really appreciate having a command line interface available. After changing the mode to "transparent" and assigning an ip within my actual network, I repatched this so that it sat between my existing router and my switch - "internal" port to my switch, "external" to my router. Fortinet thoughtfully provides a crossover cable that I used for the external port (while most switches have autosensing ports nowadays and need no crossover, a router may not).

At first I thought it wasn't working - I was dead in the water. However, this was just reboot and initialization delay, within a few seconds everything was up and runniing.

In this mode, the Fortinet is simply inspecting packets as they go in and out of my network. However, its default rules allow all traffic to pass, so nothing changed for me. However, I now had a clear view of all network activity as it all had to pass through the Fortinet. Clicking into the details of current sessions showed me a screen that looked something like this.

Obviously most of the traffic is just web browsing sessions (80 as destination port). Other ordinary traffic includes udp 123 to 66.187.224.4; that's just one of my Linux boxes updating from "clock2.redhat.com". But what the heck were all these connections from udp 5071?

I suppose you could look up 5071 in /etc/services. That's not likely to be too illuminating:

$ grep 5071 /etc/services
powerschool 5071/udp # PowerSchool
powerschool 5071/tcp # PowerSchool


There's an easier way on Unix/Linux systems:

$ lsof -i:5071
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Skype 16765 apl 26u IPv4 0x4c51710 0t0 TCP *:powerschool (LISTEN)
Skype 16765 apl 27u IPv4 0x435a040 0t0 UDP *:powerschool


Ahh.. so that's what they are. Sometimes lsof doesn't tell the whole story though, so you need to dig deeper:

$ lsof -i:60495
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
JavaAppli 13702 apl 34u IPv6 0x435caf0 0t0 TCP [::10.1.36.30]:60495->sub-132ip118.e-commercepark.com:9233 (ESTABLISHED)
$ ps -p 13702
PID TT STAT TIME COMMAND
13702 ?? S 30:13.12 /Applications/PokerPages Software/PokerPages Software


Well, that's OK, I am playing poker on-line (actually waiting for a game scheduled for later), so nothing to worry about there. But something that has always bothered me is what's going on when I'm not looking?

The Fortinet can help with that. I can define a policy rule that blocks ALL traffic, but is applied only at night after I've gone to bed. From 10:00 PM to 6:00 AM, absolutely nothing can flow through the Fortinet after applying this rule.

Of course I could be a little less draconian: I could allow clock updates or any other traffic I need. Note that you don't need to worry about locking yourself out of the administration browser accidentally; the Fortinet is smarter than that.

Policy rules can also use "protection profiles" that inspect and provide more complex protection. This can include subscription services such as anti-spam and web filtering. Fortinet offers various services like this; availability varies by model.

There are network configurations that can't work in transparent mode; see "Asymmetric routing and other FortiGate layer-2 installation issues" for a deeper explanation of these conditions.

*Originally published at APLawrence.com

View All Articles by A.P. Lawrence



Receive Our Daily Email of Breaking eBusiness News


About the Author:
A.P. Lawrence provides SCO Unix and Linux consulting services http://www.pcunix.com

WebProNews RSS Feed

More Expert Articles Articles

Contact WebProNews
Advertisement





TOP NEWS

WebProBlog
The official blog of WebProNews.

Go to WebProBlog

Targeted Information for Business
WebProNews is part of the iEntry network

Internet Business: Marketing: Small Business:
WebProNews MarketingNewz SmallBusinessNewz
WebProWorld AdvertisingDay PromoteNews
EcommNewz SalesNewz EntrepreneurNewz

Software: Search Engines: Web Design:
WebMasterFree Jayde B2B DesignNewz
NetworkingFiles SearchZA FlashNewz
SecurityConfig SearchNewz WebSiteNotes

Developer: IT Management: Security:
DevWebPro ITManagement SecurityProNews
DevNewz SysAdminNews SecurityConfig
TheDevWeb NetworkingFiles NetworkNewz

The iEntry Network consists of over 100 web publications reaching millions of Internet Professionals. Contact us to advertise.
eBUSINESS RESOURCES






 Advertise | Contact Us | Corporate | Newsletter | Sitemap | Submit an Article | News Feeds
 WebProNews is an iEntry, Inc. ® publication - $line) { echo $line ; } ?> All Rights Reserved
WebProWorld
Ten most recent posts.


SearchBrains.com
NetworkingFiles
Featured Software


About WebProNews
WebProNews is the number one source for eBusiness News. Over 5 million eBusiness professionals read WebProNews and other iEntry business and tech publications.

WebProNews provides real-time coverage of internet business.

Free Email Newsletters:
WebProNews SearchNewz
WebProWorld DevWebPro
Marketing SecurityNews
Plus over 100 other newsletters!

Send me relevant info on products and services.


iEntry.com WebProWorld RSS Feed WebProWorld Contact WebProNews Print Version Email a friend Bookmark us SearchBrains.com SearchBrains RSS Feed