Need Help – Netscreen 25 with Fortigate 60.

Hi All. Good Morning & Greetings of the season.

I recently joined this company as a Network Security Specialist & the 1st task that I got assigned was this. We have 3 locations:

A (India) - Indian Operations
B (California) - US Operations
C (Datacenter) - Web & Media Servers

My network setup is as given below. I have 3 Fortigate 60 with me. I have a site-to-site VPN set up on the 3 FG60 boxes. My 3 office internal networks are:

Location A - 192.168.0.X/
Location C - 192.168.1.X/
Location B - 192.168.2.X/

I have been given one Netscreen 25 (baseline). At Location C - Datacenter, the data flow path is as follows:

ISP Switch - Fortigate - Our Switch - Servers

Now, I need to install this Netscreen 25 after the Fortigate in the sequence above, i.e., my setup should be:

ISP Switch - Fortigate - Netscreen - Our Switch - Servers

I have been a total Cisco & Check Point guy so far & have never worked on Netscreen earlier. Hence, I request all you guys out here to please advise me & help me out.

Best Regards,
Nilesh Roy | +91 932 379 8440

Note: I know this email has arrived to you out of nowhere. But I request your help please.


Discuss This Question: 4  Replies

  • Develish
    Hi Nilesh,

    We too are operating FG60s in Bangalore. Fortigate is a very powerful device. It uses a very formal Linux approach and structure in its operations. It is daunting initially, but is in reality reasonably easy to use. I was wondering why you need to add an NS25 behind the FG60. Unfortunately, I do not have any experience in NS, so I cannot advise you. We do have a reasonable library on the FG60 in our office. In case you need some help, send me a PM.

    Regards,
    Devesh
  • Mohul123
    Hi,

    Since both Fortigate and Netscreen are similar products, my advice to you is:

    1. Log on to the Fortigate web interface (https) and write down all the rules on a piece of paper. The important tabs are Firewall > Policy, System > Network > Interface (to see all the IP addresses of the firewall) and the Router section.
    2. Netscreen FW rules (called policies) are written from "zone" to "zone", e.g. from zone "internal" to zone "external". The physical interfaces belong to zones. You should connect to the NS with both console cable and web (http) for initial configuration.
    3. NS can be a layer 2 FW or a layer 3. You should consider both options.
    4. You should copy the Fortigate rules to the Netscreen firewall, with the exception of VPN rules in Fortigate being written in NS with action "pass".
    5. In NS you should decide if the interfaces will be in "route" mode or "nat" mode.
    6. The main issue with NS is routing - you must set it up correctly.

    aner sagi CISSP JNCIA-FWV
  • Nileshroy
    Thanks aner!! Your suggestion was kool.

    Regards,
    Nilesh.
  • Layer9
    Anar makes a good point that you really need to consider. That is, where to NAT. You need to pick one of the appliances, either the Netscreen or the Fortigate, to perform NAT and PAT for your clients. You don't want to NAT on both devices, so like Anar said, decide which one will NAT and PAT. If you "Double NAT" you will have problems.

    Chris Weber
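The rule-copying steps and the single-NAT advice from the replies above, as an added example that is not part of any reply: it turns hand-transcribed Fortigate rules into ScreenOS zone-to-zone `set address` / `set policy` lines, writing VPN rules with the ScreenOS `permit` action and emitting no `nat src`. The rule field names, the interface-to-zone mapping, and the choice to leave the VPN tunnels and NAT on the Fortigate are assumptions of this example.

```python
import ipaddress

# Constructed sample: rules transcribed by hand from the Fortigate web UI.
# Field names and the zone mapping are assumptions for this example.
FORTIGATE_RULES = [
    {"id": 1, "src_if": "internal", "dst_if": "wan1", "src": "192.168.1.0/24",
     "dst": "any", "service": "HTTP", "action": "accept", "nat": True},
    {"id": 2, "src_if": "wan1", "dst_if": "internal", "src": "any",
     "dst": "192.168.1.0/24", "service": "HTTPS", "action": "accept", "nat": False},
    {"id": 3, "src_if": "internal", "dst_if": "wan1", "src": "192.168.1.0/24",
     "dst": "192.168.0.0/24", "service": "ANY", "action": "encrypt", "nat": False},
]
# Netscreen sits behind the Fortigate: Untrust faces the Fortigate, Trust the servers.
ZONE = {"internal": "Trust", "wan1": "Untrust"}
ACTION = {"accept": "permit", "encrypt": "permit", "deny": "deny"}

def address(zone, cidr, out):
    """Return the address-book name for cidr, emitting its definition once."""
    if cidr == "any":
        return "Any"
    net = ipaddress.ip_network(cidr)
    name = f"net_{net.network_address}_{net.prefixlen}"
    line = f'set address "{zone}" "{name}" {net.network_address} {net.netmask}'
    if line not in out:
        out.append(line)
    return name

def translate(rules):
    """Return (ScreenOS config lines, notes on behaviour left on the Fortigate)."""
    out, notes = [], []
    for r in rules:
        src_zone, dst_zone = ZONE[r["src_if"]], ZONE[r["dst_if"]]
        src = address(src_zone, r["src"], out)
        dst = address(dst_zone, r["dst"], out)
        if r["action"] == "encrypt":
            notes.append(f"rule {r['id']}: VPN rule copied as plain permit; tunnel stays on the Fortigate")
        if r["nat"]:
            notes.append(f"rule {r['id']}: NAT stays on the Fortigate; no 'nat src' emitted")
        out.append(f'set policy from "{src_zone}" to "{dst_zone}" '
                   f'"{src}" "{dst}" "{r["service"]}" {ACTION[r["action"]]}')
    return out, notes

if __name__ == "__main__":
    lines, notes = translate(FORTIGATE_RULES)
    print("\n".join(lines + ["# " + n for n in notes]))
```

The notes list every rule whose Fortigate behaviour (tunnel, NAT) is deliberately not reproduced on the Netscreen, so they can be checked before the lines are loaded.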
