How to create DHCP server and a policy in the Fortigate

-
Here is an example script that demonstrates how to use the  fortigate-api  package to create a DHCP server and a policy in the Fortigate   from fortigate_api import FortigateAPI # Create a FortigateAPI object fgt = FortigateAPI(host="host", username="username", password="password") # Create a DHCP server data = {     "default-gateway": "192.168.255.1",     "netmask": "255.255.255.0",     "interface": "vlan.123",     "ip-range": [         {"start-ip": "192.168.255.2", "end-ip": "192.168.255.254",}     ], } fgt.dhcp_server.create(data) # Create a policy in the Fortigate data = dict(     name="POLICY",     status="enable",     action="accept",     srcintf=[{"name": "any"}],     dstintf=[{"name": "any"}],     srcaddr=[{"name": "all"}],     dstaddr=[{"name&quo
Post a Comment

Do's And Don'ts

-

Do's and don'ts for approvals and mid-level officials:-

1. All classified work should be done on stand alone computers.

2. Take backup of all important information and files.

3. Do not enable remote access of file sharing form remote account.

4. Use secure deletion software for save file purging.

5. Use private browsing mode on public computers.

6. Don't store the information on private cloud service like Google drive Dropbox iCloud if it is an official purpose.

7. Store information only on original located removable storage media.

8. Always reboot when required to use public computers.

9. Clean up cache files after use.

10. Regularly update the firmware of wireless devices.

11. Disable remote management features in routers to protect against unauthorised access.

Do's and don'ts for System and Network Administrators:-

1. Administrator login should be restricted to account management.

2. Update software patches regularly on all systems.

3. DON'T use the built-in windows Administrator account for administrator functions/activities.

4. DON'T use generic / normal user account as a service account

5. DON'T reboot a system if-- 

  • You don't know who logged onto it;
  • You don't suspend the system monitors;
6. Take regular backups of all critical systems.

7. Regularly check your lock files for errors and warnings commerce so they can alert you to problems before they become a threat.

8. Power supply should be controlled throw UPS or surge protector.

9. Do not install computer systems industry environment.

10. Implement strong security protocols and policies.

11. Always enable the option in computers with "show hidden files and folders".

12. Implement of workflow process with proper documentation.

13. All system changes should be only on the basis of document approval.

14. Do not take up task which may not be completed on time-Beware the late Friday afternoon task.

15. Do perform regular security audits and test.

16. Do you constantly update and patch your network and devices.

17. Disable the auto turn / autoplay features for insecure download software application.

18. Create and implement policies and procedures:

  • Mobile device security policy,
  • Computer use policy,
  • Social media policy,
  • Password policy,
  • An email policy,
  • Least privilege security policy,
  • A Business Continuity (BC) plan, and
  • A Data Backup and Disaster Recovery (BDR) plan.
19. Do remind user to use hard to guess an uncommon passwords.

20. Don't use your admin account for non admin purpose.

21. Don't leave your network ID mercy of password protection.

22. Ensure regular cyber security updates are received by all employees.

23. Do stay virus updated. Follow cert-in and receive frequent bulletins about no in new exploit and attacks.

24. Don't allow your email program to "auto open" attachments.

******




Comments

Post a Comment

Popular posts from this blog

How to Configure VXLAN in FortiGate Firewall

-
Image
How to Configure VXLAN in FortiGate Firewall A brief explanation of the given topology: - Ø On top of all, there are two FortiGate Firewalls with L3 connectivity in between. Ø Under Each Firewall we have one Cisco Switch with two VLAN configured i.e.;3500 & 3600 Ø Uplink for switches has been configured with 802.1Q trunk which is connected to FortiGate Firewall. Ø Each switch has two PCs connected one in VLAN 3500 & other one in 3600 VLAN. Ø We have configured VLAN and VXLAN on both the FortiGate Firewall. Ø In this topology PCs in the same VLAN will be able to communicate with each other through a L3 link using VXLAN technology and they will be encapsulated such that both the PCs will think that they are within the L2 domain.           FortiGate Firewall Configuration VXLAN Configuration: - FGT-1: config system vxlan     edit "vxlan3500"         set interface "port
Read more

Higher Availability in FortiGate and VRRP in Cisco

-
Image
  Higher Availability in FortiGate and VRRP in Cisco A brief explanation of the given topology: - Ø On top of all, there are two FortiGate Firewalls one Active other one as Standby. Ø With the Higher Availability (HA) configured for handling the Failover of active Firewall. Ø There are two CORE switches with VRRP Configuration: CORE-1 as Master and CORE-2 as Slave. Ø Between two CORE-1 and CORE-2, two links in the Port Channel have been configured. Ø SVIs and static default route toward the Firewall has been configured for LAN users. Ø Also, the DHCP server has been configured for DATA and VOICE VLANs. Ø Two Layer 2 switches with uplinks as trunk and VLANs. FortiGate Firewall Configuration HA Configuration in FortiGate Firewall: - Here I have kept by default priority i.e.; 128 for “ ACTIVE-FIREWALL ” whose role is primary and I have set 100 for the “ STANDBY-FIREWALL ” whose role is secondary.   By default, the selection process of HA in FortiGat
Read more

Python Script to take the Backup of Multiple device in a Network

-
Image
from netmiko import ConnectHandler Sw_1 = { 'device_type': 'cisco_ios', 'host': '192.168.6.10', 'username': 'admin', 'password': 'Admin@123', 'port': 22, # optional, defaults to 22 'secret': 'secret', # optional, defaults to '' } Sw_2 = { 'device_type': 'cisco_ios', 'host': '192.168.6.20', 'username': 'admin', 'password': 'Admin@123', 'port': 22, # optional, defaults to 22 'secret': 'secret', # optional, defaults to '' } Sw_3 = { 'device_type': 'cisco_ios', 'host': '192.168.6.30', 'username': 'admin', 'password': 'Admin@123', 'port': 22, # optional, defaults to 22 'secret': 'secret', # optional,
Read more