Need Help – Netscreen 25 with Fortigate 60.

Hi All. Good Morning & Greetings of the season.

I recently joined this company as a Network Security Specialist & the 1st task that I got assigned to myself was this. We have 3 locations:

  • A (India) - Indian Operations
  • B (California) - US Operations
  • C (Datacenter) - Web & Media Servers

My network setup is as given below. I have 3 Fortigate 60 with me. I have a site-to-site VPN setup on the 3 FG60 boxes. My 3 office internal networks are:

  • Location A - 192.168.0.X/255.255.255.0
  • Location C - 192.168.1.X/255.255.255.0
  • Location B - 192.168.2.X/255.255.255.0

I have been given one Netscreen 25 (baseline). At Location C - Datacenter, the data flow path is as follows:

ISP Switch - Fortigate - Our Switch - Servers

Now, I need to install this Netscreen 25 after the Fortigate in the sequence above, i.e., my setup should be:

ISP Switch - Fortigate - Netscreen - Our Switch - Servers

I have been a total Cisco & Checkpoint guy so far & have never worked on Netscreen earlier. Hence, I request all you guys out here to please advise me & help me out.

Best Regards,
Nilesh Roy | +91 932 379 8440

Note: I know this email has arrived to you as out-of-nowhere. But I request your help please.


Discuss This Question: 4  Replies

 
  • Develish
    Hi Nilesh,

    We too are operating FG60s in Bangalore. Fortigate is a very powerful device. It uses a very formal Linux approach and structure in its operations. It is daunting initially, but is in reality reasonably easy to use. I was wondering why you need to add an NS25 behind the FG60. Unfortunately, I do not have any experience in NS, so I cannot advise you. We do have a reasonable library on the FG60 in our office. In case you need some help, send me a PM.

    Regards,
    Devesh
  • Mohul123
    Hi,

    Since both Fortigate and Netscreen are similar products, my advice to you is:

    1. Log on to the Fortigate web interface (https) and write down all the rules on a piece of paper. The important tabs are Firewall > Policy and System > Network > Interface (to see all the IP addresses of the firewall), and the Router section.
    2. Netscreen FW rules (called policies) are written from "zone" to "zone", e.g. from zone "internal" to zone "external". The physical interfaces belong to zones. You should connect to the NS with both console cable and web (http) for initial configuration.
    3. The NS can be a layer 2 FW or a layer 3 FW. You should consider both options.
    4. You should copy the Fortigate rules to the Netscreen firewall, with the exception of VPN rules in Fortigate being written in the NS with action "pass".
    5. In the NS you should decide if the interfaces will be in "route" mode or "nat" mode.
    6. The NS main issue is routing - you must set it up correctly.

    aner sagi
    CISSP JNCIA-FWV
  • Nileshroy
    Thanks aner!! Your suggestion was kool.

    Regards,
    Nilesh.
  • Layer9
    Aner makes a good point that you really need to consider. That is, where to NAT. You need to pick one of the appliances, either the Netscreen or the Fortigate, to perform NAT and PAT for your clients. You don't want to NAT on both devices, so like Aner said, decide which one will NAT and PAT. If you "Double NAT" you will have problems.

    Chris Weber
    Layer9corp.com
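The mode and routing decisions raised in the replies above ("route" or "nat" mode on the Netscreen, getting routing right, and NAT on only one device) can be checked on paper before cabling. The following is an added example, not code from any poster in this thread: a small Python check over a constructed model of the Location C path. The `Hop` class, the `audit_path` function and the 10.255.0.0/30 transit subnet are assumptions for illustration; 192.168.1.0/24 is the Location C network from the question.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

@dataclass
class Hop:
    name: str
    mode: str      # "nat" or "route" on the inside interface
    inside: str    # subnet directly connected on the inside
    static_routes: list = field(default_factory=list)

    def reaches(self, subnet):
        """True if this hop is connected to, or has a static route for, subnet."""
        target = ip_network(subnet)
        known = [self.inside, *self.static_routes]
        return any(target.subnet_of(ip_network(k)) for k in known)

def audit_path(hops):
    """hops are ordered from the ISP side inward; returns a list of findings."""
    findings = []
    natting = [h.name for h in hops if h.mode == "nat"]
    if len(natting) > 1:
        findings.append("double NAT: " + " and ".join(natting))
    if not natting:
        findings.append("no device translates the private range")
    for i, inner in enumerate(hops):
        if inner.mode != "route":
            continue  # a NAT hop hides its inside subnet from upstream devices
        for outer in hops[:i]:
            if not outer.reaches(inner.inside):
                findings.append(
                    f"{outer.name} has no route to {inner.inside} behind {inner.name}")
    return findings

# Constructed candidate designs for Location C (transit subnet is an assumption).
TRANSIT, SERVERS = "10.255.0.0/30", "192.168.1.0/24"
PLANS = {
    "both in nat mode": [Hop("Fortigate 60", "nat", TRANSIT),
                         Hop("NetScreen 25", "nat", SERVERS)],
    "route mode, no upstream route": [Hop("Fortigate 60", "nat", TRANSIT),
                                      Hop("NetScreen 25", "route", SERVERS)],
    "route mode plus static route": [Hop("Fortigate 60", "nat", TRANSIT, [SERVERS]),
                                     Hop("NetScreen 25", "route", SERVERS)],
}

if __name__ == "__main__":
    for label, hops in PLANS.items():
        print(f"{label}: {audit_path(hops) or 'ok'}")
```

The layer 2 option from point 3 is not modelled here; in that case the Netscreen would add no routed hop and no translation to the path.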
