Greetings! Welcome to the tenth anniversary lesson of the course . On we looked at the basic logging and reporting mechanisms, and also got acquainted with the solution . To conclude the practical lessons of this course, I want to introduce you to various technologies that can be useful when administering a firewall . The necessary theory, as well as the practical part, are under the cut.
Let's say you forgot your FortiGate account password and can't log into your device. What to do in this case? The built-in account will help here, through which you can change the password for the administrator. The login information for this entry is shown in the figure below.
But in order to log in under this entry, you need to physically reboot the device; executing the reboot command from the command line will not help. You must also be connected to the device via the console port when logging in. Since you can only log into your account about a minute after rebooting, I advise you to write a password in advance and copy it to the clipboard.
Now let's talk about updates. Is it always worth updating? Not really. My colleagues and I believe that it is necessary to update in the following cases:
- When upgrading to a major version (for example, 5.0 or 6.0) - if you need new functionality added in these versions.
- When upgrading to a minor version (for example from 5.5 to 5.6) - if you need to fix a vulnerability in FortiOS or dependent devices. By the way, you can see a list of such vulnerabilities .
- It is necessary to eliminate errors that occur when working with the device.
In other cases, it is not worth updating. It is important to remember that updating for the sake of updating is not the best practice. In this way, problems can be created that did not previously exist.
If there is an understanding that an update is necessary, you cannot immediately put it into production. Before this, you need to test it on a test site. Also, when preparing for the update, you need to familiarize yourself in detail with the Release Notes - the changes in the new version. This is due to the fact that some updates may significantly change certain functionality, due to which some of your settings may become inaccessible. This document accompanies each update. Usually they are in .
After successful testing, it is necessary to make a backup of the current configuration, and also develop a backup plan for returning to the old configuration.
When updating, you also need to take into account the Upgrade Path (sequence of updates). This is the only way to reduce the risks when upgrading from version to version. If you act contrary to the Upgrade Path, you may lose some of the configuration information during the upgrade.
And of course, donβt forget about the current service contract, which will help you get qualified technical support if you canβt solve the problem on your own.
Updating the operating system, restoring the configuration using a backup, as well as using administrator accounts, limiting administrator access, creating a secure connection for administration - all these points are discussed in the video lesson:
In the next lesson, we'll look at licensing issues for FortiGate and FortiAnalyzer devices. In order not to miss it, follow the updates on the following channels:
Source: habr.com