  • Case Study

    Optimization of traffic filtering on NGFW Firewalls

    Fortigate 200F configuration optimization with Elastic Stack

    A firewall is a basic element of corporate data protection. Its role is to allow or block traffic according to the filters set on individual ports.

    The problem arises when the firewall configuration gets out of hand. Most often this results from a lack of proper working hygiene, which is often tied to a significant burden on IT departments. Engineers overwrite old rules with new ones and do not update the rule base after completing projects.

    Companies invest in high-quality IT equipment, but they often forget that the equipment itself does not guarantee either security or proper operation. What we most often observe during audits, even in large and well-known companies, is poorly configured edge devices such as UTM, NGFW and a lack of access policy management.

    – Jakub Fabiś, Head of Sales, Grandmetric

    Client

    • FMCG company
    • Production for over 120 markets 

    Services

    • Audit of rules defined on a cluster of NGFW / UTM class firewalls (Fortigate 200F)
    • Analysis of network traffic between individual interfaces and security zones
    • Create traffic rules
    • Visualization of traffic flow and volume on individual interfaces using Elastic Stack

    Implementation results

    The client’s systems are tightly secured

    The rules we created for NGFW are universal and can be used in the case of migration to another solution

    The client uses a convenient, manufacturer-independent dashboard that visualizes how the NGFW filters network traffic

    NGFW/UTM – Cybersecurity starts here

    Many years of negligence at a global beverage producer meant that engineers did not know which of the rules stored on the ports were up to date and in use, so they could not determine which path traffic took or where it was directed. This disorder made it much harder to oversee traffic and to assess whether the firewall was properly filtering traffic throughout the organization.

    Our client decided to tidy up the configuration of its NGFW devices to make it easier for engineers to troubleshoot network traffic.

    Our task was to understand how the current Fortigate clusters were configured, which rules were valid and which were not used. We then organized and visualized the traffic using automation written by our team for the flows between individual interfaces and security zones.

    The solution – the simpler the better

    1. Analysis of needs and audit of Firewall configuration

    We started with a detailed analysis of needs and an audit of the current configuration. We took a sample of network traffic covering a whole week and used it to prepare basic traffic control rules.

    2. Flow visualization

    The client did not know how their Fortigate devices were filtering traffic. To analyze which interfaces are used, between which interfaces traffic flows, and what its volume is, we built our own analysis tool. For this purpose we used the Elastic Stack (Elasticsearch and Kibana), which, based on the data provided to it (source, destination, ports, VLANs), created an appropriate flow diagram (a Sankey diagram).

    Traffic flow visualisation with Kibana
    Traffic flow visualization between interfaces on NGFW

    3. Step-by-step NGFW Fortigate configuration and testing

    We were aware that incorrectly constructed rules affect the operation of the factory, e.g. they may cause computers to lose the ability to supervise machines in the production hall. That's why we worked during the windows when the machines were down. New rules were added at the top, which let us unambiguously verify their correctness using the counters of packets and sessions that matched each rule (the so-called hit count).
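
A sketch of the audit steps described above, as an added example that is not Grandmetric's tool: it aggregates a traffic sample into interface-to-interface links (the source/target/value shape a Sankey chart consumes) and lists configured policies that no session matched. It assumes the input is FortiGate-style key=value traffic logs with the `srcintf`, `dstintf`, `policyid`, `sentbyte`, `rcvdbyte` and `action` fields; the log lines, interface names and policy IDs are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in FortiGate key=value traffic-log style (not from the case study).
SAMPLE_LOG = """\
date=2024-03-04 time=08:00:01 type="traffic" subtype="forward" srcip=10.10.1.15 srcintf="vlan110_office" dstip=10.20.5.8 dstintf="vlan205_scada" dstport=502 policyid=12 action="accept" sentbyte=1200 rcvdbyte=3400
date=2024-03-04 time=08:00:07 type="traffic" subtype="forward" srcip=10.10.1.15 srcintf="vlan110_office" dstip=198.51.100.7 dstintf="wan1" dstport=443 policyid=7 action="accept" sentbyte=800 rcvdbyte=15000
date=2024-03-04 time=08:01:12 type="traffic" subtype="forward" srcip=10.10.1.22 srcintf="vlan110_office" dstip=10.20.5.8 dstintf="vlan205_scada" dstport=502 policyid=12 action="accept" sentbyte=300 rcvdbyte=700
date=2024-03-04 time=08:02:30 type="traffic" subtype="forward" srcip=10.30.0.9 srcintf="vlan300_guest" dstip=10.20.5.8 dstintf="vlan205_scada" dstport=502 policyid=0 action="deny" sentbyte=0 rcvdbyte=0
date=2024-03-04 time=08:03:44 type="traffic" subtype="forward" srcip=10.20.5.8 srcintf="vlan205_scada" dstip=203.0.113.20 dstintf="wan1" dstport=123 policyid=31 action="accept" sentbyte=500 rcvdbyte=500
"""

# Policy IDs present in the rule base (constructed; normally exported from the firewall).
CONFIGURED_POLICIES = {7, 12, 31, 44}

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in KV.findall(line)}

def audit(log_text, configured):
    """Return (Sankey links sorted by volume, configured policy IDs with no hits)."""
    flows = defaultdict(int)  # (srcintf, dstintf) -> bytes passed
    hits = Counter()          # policyid -> number of matching sessions
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "traffic" or "policyid" not in rec:
            continue
        hits[int(rec["policyid"])] += 1
        if rec.get("action") != "deny":  # only passed traffic contributes volume
            pair = (rec["srcintf"], rec["dstintf"])
            flows[pair] += int(rec.get("sentbyte", 0)) + int(rec.get("rcvdbyte", 0))
    links = sorted(
        ({"source": s, "target": d, "value": v} for (s, d), v in flows.items()),
        key=lambda link: -link["value"],
    )
    unused = sorted(configured - set(hits))
    return links, unused

if __name__ == "__main__":
    links, unused = audit(SAMPLE_LOG, CONFIGURED_POLICIES)
    for link in links:
        print(f'{link["source"]} -> {link["target"]}: {link["value"]} bytes')
    print("configured policies with no hits in the sample:", unused)
```

A policy with no hits in a one-week sample is a candidate for review rather than proof that it is dead, since monthly or seasonal jobs may fall outside the sample.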
