Ministry of Higher Education & Scientific Research
Sulaimani Polytechnic University
Technical College of Informatics
Computer Networks Department
Undergraduate Final Year Project Proposal
Securing Enterprise using FortiGate Firewall
Prepared by:
Meer Shorsh
Dyako Kamaran
Meer Muhammed
Supervised by:
Msc. Rania Azad
Academic Year 2024-2025
Abstract
Enterprises must adopt strict security measures, as threats in cyberspace keep evolving. This
proposal covers the implementation of FortiGate firewall solutions to enhance an enterprise's
network security. It sets out the aims, objectives, problem statement, background,
methodology, tools, and expected outcomes for securing the enterprise network. Its
recommendations draw on industry standards, case scenarios, and data from empirical studies
on cybersecurity. The implementation strategy for FortiGate firewalls focuses on threat
detection, prevention mechanisms, AI-driven analytics, and assurance of compliance with
global security regulations.
Table of Contents
2.0 Problem Statement
3.0 SWOT Analysis
3.1 Strengths
3.2 Weaknesses
3.3 Opportunities
3.4 Threats
4.0 Timeline
5.0 Methodologies
5.1 What is FortiGate Firewall
5.2 VPN
5.3 NAT
5.4 Intrusion prevention system
5.5 Web Filtering
5.6 Application Control
5.7 Advanced Threat Protection
5.8 Secure SD-WAN
5.9 SSL/TLS inspection
5.10 Zero Trust Network Access (ZTNA)
6.0 Tools and Technologies
6.1 Network Segmentation
6.2 Firewall Policies & Access Control
6.3 Advanced Threat Protection (ATP)
6.4 Web Filtering & Content Security
6.5 Secure Remote Access & VPN
6.6 Data Loss Prevention (DLP)
7.0 Related Work
References
1.0 Aims and Objectives
The project's aim is to ensure enterprise security using FortiGate firewalls that comprehensively
protect networks from cyber threats. This will be done by including state-of-the-art security
mechanisms such as deep packet inspection (DPI), SSL decryption, and real-time AI-based
threat intelligence. The solution shall also ensure the enterprise operates securely and in
compliance with relevant cybersecurity frameworks such as NIST, ISO 27001, and PCI DSS.
Objectives:
▪ To analyze current security challenges in enterprise networks and assess existing
vulnerabilities.
▪ To implement FortiGate firewall solutions for real-time intrusion prevention and
advanced threat detection.
▪ To configure security policies, VPNs, and next-generation malware protection
mechanisms.
▪ To integrate AI-driven threat intelligence for proactive security management and
anomaly detection.
▪ To evaluate the effectiveness of the firewall through comprehensive penetration
testing, red teaming exercises, and simulated cyber-attack scenarios.
2.0 Problem Statement
Enterprises are always at risk from malware, phishing, ransomware, unauthorized access,
leakage of critical data, and financial losses. Cyberattacks are growing more sophisticated;
hence, a more robust and adaptive security framework is required. Most traditional firewall
solutions lack the intelligence and automation needed to mitigate modern cyber threats. This
course covers next-generation firewalls that enable deep packet inspection for the analysis of
encrypted traffic, together with AI-driven threat intelligence against emerging security risks.
According to Verizon (DBIR 2023), 82% of breaches included human-linked mistakes; keeping
these risks to a minimum requires a unified security solution with AI-driven behavior analysis
and threat response automation, like FortiGate [1]. According to Gartner, companies operating
an intelligent Next-Generation Firewall reportedly saw incident response times fall by 40%,
observed over several years up to 2023, which indicates that adaptive security frameworks work
in countering modern-day cyber threats [2]. Besides assuring the necessary compliance with
industry regulations such as NIST, GDPR, PCI DSS, and ISO 27001, FortiGate enables
organizations to be more resilient against cyber threats. Its multi-layered protection provides
application control, intrusion prevention, web filtering, and advanced malware protection,
making it one of the most important elements in modern enterprise cybersecurity.
3.0 SWOT Analysis
3.1 Strengths:
▪ Comprehensive Security Features
▪ High Performance
▪ Scalability
▪ Global Threat Intelligence
3.2 Weaknesses:
▪ Complex Configuration
▪ Cost Considerations
▪ Proprietary Ecosystem
▪ Support and Maintenance
3.3 Opportunities:
▪ Growing Cybersecurity Demand
▪ Cloud Integration
▪ SMB and Enterprise Markets
▪ Innovation in AI & Automation
3.4 Threats:
▪ Intense Competition
▪ Rapidly Evolving Threat Landscape
▪ Regulatory Changes
▪ Vendor Lock-in
4.0 Timeline
Figure 1: Gantt Chart
5.0 Methodologies
5.1 What is FortiGate Firewall
Cybersecurity has become paramount as organizations face an ever-growing array of
threats. FortiGate firewall technology stands out by providing robust network security
measures for modern-day challenges. If you’re an IT professional, network administrator,
cybersecurity expert, or simply looking to beef up your knowledge of firewall technology,
understanding FortiGate’s capabilities can be a game-changer for your security infrastructure
[3].
5.2 VPN
A VPN is a type of proxy server. Therefore, it serves as a barrier between a computer or network
and the internet, receiving all web requests before forwarding them to the network.
VPNs are common and extend the private network across a public one, such as the internet.
This allows users to securely transmit data as if their devices were directly connected to the
private network. The connection establishes an encrypted tunnel between remote devices and
the corporate network, enabling secure access [4].
5.3 NAT
NAT changes the destination or source addresses of data packets as they pass through a firewall.
This allows multiple devices to connect to the internet using the same IP address, which helps
protect the private network from direct exposure to external threats [4].
These capabilities include:
• Internet of Things (IoT) security: to discover BYOD, rogue, or shadow IT devices.
• Network sandboxing: to monitor and analyze suspicious objects in an isolated
environment
• Operational technology (OT) security: to protect OT environments with threat
intelligence, IPS, and SCADA applications and threat inspection
• Domain Name System (DNS) security: to provide monitoring, detection and prevention
capabilities against DNS-layer attacks [4].
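The address translation described under 5.3 NAT can be modelled in a few lines. The following is an added example, not part of the original proposal and not Fortinet code; the addresses, the starting port and the `NatTable` class are assumptions made for illustration, and the model ignores the remote endpoint that a real session table also tracks.

```python
"""Minimal source-NAT (port address translation) model. Constructed example."""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # assumed WAN address (RFC 5737 documentation range)


@dataclass
class NatTable:
    next_port: int = 40000  # assumed start of the translated port range
    out_map: dict = field(default_factory=dict)  # (ip, port, proto) -> public port
    in_map: dict = field(default_factory=dict)   # (public port, proto) -> (ip, port)

    def outbound(self, src_ip, src_port, proto="tcp"):
        """Rewrite the source of an outgoing packet, reusing any existing mapping."""
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return PUBLIC_IP, self.out_map[key]

    def inbound(self, dst_port, proto="tcp"):
        """Rewrite the destination of a reply. None means no mapping, so drop."""
        return self.in_map.get((dst_port, proto))


def demo():
    nat = NatTable()
    # Two private hosts (constructed addresses) share the one public IP.
    a = nat.outbound("10.0.10.5", 51000)
    b = nat.outbound("10.0.10.6", 51000)
    reply = nat.inbound(a[1])         # reply to host A's session is translated back
    unsolicited = nat.inbound(3389)   # no internal host opened this port
    return a, b, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```

The unsolicited packet is dropped only because no mapping exists; what traffic is permitted in the first place is still decided by the firewall policy.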
5.4 Intrusion prevention system
An intrusion prevention system (IPS) is a network security tool (which can be a hardware
device or software) that continuously monitors a network for malicious activity and takes action
to prevent it, including reporting, blocking, or dropping it, when it does occur. Intrusion
prevention systems are sometimes included as part of a next-generation firewall (NGFW) or
unified threat management (UTM) solution. Like many network security technologies, they
must be powerful enough to scan a high volume of traffic without slowing down network
performance [5].
5.5 Web Filtering
Web filtering is a technology that stops users from viewing certain URLs or websites by
preventing their browsers from loading pages from these sites. Web filters are made in different
ways and deliver various solutions for individual, family, institutional or enterprise use. In
general, Web filters work in two distinct ways [6].
5.6 Application Control
Application control is a cybersecurity measure that regulates and manages the execution of
software applications on a computer or network. It involves defining and enforcing policies that
dictate whether applications can run, as well as how they are allowed to execute [7].
5.7 Advanced Threat Protection
Advanced threat protection (ATP) is a subset of security solutions built to defend sensitive data
against complex cyberattacks, including malware, phishing campaigns, and more. ATP often
combines cloud security, email security, endpoint security, and more to augment an
organization’s defenses amid the ever-changing threat landscape. Fortunately, as attack surfaces
widen and new cyberthreats and attack vectors emerge, cybersecurity technology is evolving
past firewalls and traditional network security [8].
5.8 Secure SD-WAN
A secure SD-WAN includes advanced SD-WAN and security capabilities that enable
organizations to reduce device footprint and enforce consistent policy across branches. It also
improves application performance by selecting the best path and automatically steering
traffic to the cloud [9].
5.9 SSL/TLS inspection
TLS encryption is used to secure traffic, but encrypted traffic can also be used to get around
your network's normal defenses. SSL/TLS deep inspection allows firewalls to inspect traffic
even when it is encrypted. When you use deep inspection, FortiGate serves as the intermediary
that connects to the SSL server, then decrypts and inspects the content to find threats and
block them [10].
5.10 Zero Trust Network Access (ZTNA)
Zero Trust Network Access (ZTNA) is a security service that verifies users and grants access
to specific applications based on identity and context policies. ZTNA removes implicit trust to
restrict network movement and reduce attack surfaces [11].
6.0 Tools and Technologies
6.1 Network Segmentation
▪ Role-Based Access Control (RBAC) to separate networks (e.g., User, Guest, Server, IoT, DMZ).
▪ Use Virtual LANs (VLANs) to minimize lateral movement of threats.
6.2 Firewall Policies & Access Control
▪ Define strict access control lists (ACLs).
▪ Zero Trust Security Model (least privilege access).
▪ Block unnecessary inbound and outbound traffic.
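Sections 6.1 and 6.2 can be checked together with a small model of top-down, first-match policy evaluation that ends in an implicit deny. This is an added example, not part of the original proposal and not FortiGate configuration; the subnets, rule names and the functions `evaluate` and `audit` are assumptions.

```python
"""First-match policy evaluation between segments, with a least-privilege audit."""
from ipaddress import ip_address, ip_network

# Constructed segments (assumed addressing), named after the list in section 6.1.
SEGMENTS = {
    "User": ip_network("10.0.10.0/24"),
    "Guest": ip_network("10.0.20.0/24"),
    "Server": ip_network("10.0.30.0/24"),
    "IoT": ip_network("10.0.40.0/24"),
    "DMZ": ip_network("10.0.50.0/24"),
}

# Constructed rules: (name, source segment, destination segment, port, action).
# "any" is a wildcard; rules are checked top to bottom.
RULES = [
    ("user-to-app", "User", "Server", 443, "accept"),
    ("dmz-to-db", "DMZ", "Server", 5432, "accept"),
    ("guest-block-internal", "Guest", "Server", "any", "deny"),
    ("iot-legacy", "IoT", "any", "any", "accept"),  # deliberately too broad
]


def segment_of(ip):
    """Map an address to its segment; anything unknown is treated as Internet."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "Internet"


def evaluate(src_ip, dst_ip, port):
    """Return (action, rule name) of the first matching rule, else implicit deny."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    for name, r_src, r_dst, r_port, action in RULES:
        if r_src in (src, "any") and r_dst in (dst, "any") and r_port in (port, "any"):
            return action, name
    return "deny", "implicit-deny"


def audit():
    """List accept rules that use a wildcard, which breaks least privilege."""
    return [name for name, s, d, p, action in RULES
            if action == "accept" and "any" in (s, d, p)]
```

With these rules, `evaluate("10.0.40.7", "10.0.30.8", 22)` is accepted by `iot-legacy`, so a compromised IoT device can reach the server segment over SSH; `audit()` flags that rule.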
6.3 Advanced Threat Protection (ATP)
▪ Enable Intrusion Prevention System (IPS) to detect and block malicious traffic.
▪ Use Antivirus & Anti-malware scanning to prevent infections.
▪ Implement FortiSandbox for advanced threat analysis.
6.4 Web Filtering & Content Security
▪ Restrict access to malicious websites & inappropriate content.
▪ Implement SSL Inspection to scan encrypted traffic for threats.
▪ Enable FortiGuard Web Filtering to categorize and control website access.
6.5 Secure Remote Access & VPN
▪ Implement SSL VPN / IPsec VPN for secure remote work.
▪ Enforce Multi-Factor Authentication (MFA) for VPN users.
▪ Deploy Network Access Control (NAC) for endpoint security compliance.
6.6 Data Loss Prevention (DLP)
▪ Monitor and control sensitive data movement.
▪ Prevent unauthorized data exfiltration.
▪ Enforce file type and keyword-based filtering.
7.0 Related Work
IHG Hotels & Resorts
Overview: IHG Hotels & Resorts enhanced IT efficiency by nearly 60% using Fortinet
Secure SD-WAN, combined with FortiGate firewalls for network security and performance
enhancement at all their properties across the world [12].
Pacific National
Overview: The largest Australian private rail freight operator, Pacific National, tackled the
challenge of connecting over long distances with FortiGate firewalls. It reduced annual
networking costs by half while maintaining security at the highest level [12].
Grupo Bimbo
Overview: Global food manufacturer Grupo Bimbo has accelerated its digital
transformation by using Fortinet Secure SD-WAN with FortiGate firewalls to improve its
security posture and operational efficiency [12].
References
[1] “2024 Data Breach Investigations Report | Verizon.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.verizon.com/business/resources/reports/dbir/
[2] “Gartner Magic Quadrant for Network Firewalls.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.gartner.com/en/documents/4007809
[3] “What is FortiGate Firewall? | Axians UK.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.axians.co.uk/glossary/what-is-fortigate-firewall/
[4] “What Is a Firewall? Definition and Types of Firewall | Fortinet.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.fortinet.com/resources/cyberglossary/firewall
[5] “What is Intrusion Prevention System? | VMware Glossary.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.vmware.com/topics/intrusion-prevention-system
[6] “What is Web Filtering: Protecting Against Malicious Websites | Barracuda Networks.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.barracuda.com/support/glossary/web-filtering
[7] “Application Control | BeyondTrust.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.beyondtrust.com/resources/glossary/application-control
[8] “What is Advanced Threat Protection? (ATP) | Zscaler.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.zscaler.com/resources/security-terms-glossary/what-is-advanced-threat-protection
[9] “What is secure SD-WAN? | Glossary | HPE EUROPE.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.hpe.com/emea_europe/en/what-is/secure-sd-wan.html
[10] “SSL/TLS deep inspection | FortiGate / FortiOS 7.6.0 | Fortinet Document Library.” Accessed: Feb. 05, 2025. [Online]. Available: https://docs.fortinet.com/document/fortigate/7.6.0/best-practices/598577/ssl-tls-deep-inspection
[11] “What Is Zero Trust Network Access? - Cisco.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.cisco.com/c/en/us/products/security/zero-trust-network-access.html
[12] “Fortinet Global Customers and Case Studies.” Accessed: Feb. 05, 2025. [Online]. Available: https://www.fortinet.com/customers