HUB Configuration

For the FortiGate hub

Configuration strategy goals

Separation-of-duties approach: divide responsibilities and access between hub-side and ship-side administrators so that no single account can both operate the hub transport and see inside a ship's VDOM, minimizing the potential for unauthorized access or control.

Fortigate admin profile controls

  • Scope-Based Access: An admin profile's scope is either global or VDOM. Global-scope admins reach the base device (global settings) and every VDOM; VDOM-scope admins are confined to the VDOMs listed on their account, which gives tighter control for specific ships/tenants.
  • Separate Config Access: Rights to network interface configuration (Ethernet, VLANs, inter-VDOM links) and to VPN (IPsec) configuration are granted independently, so an admin can build the transport without being able to read or alter tunnel settings.
  • Restrict Sensitive Options: Access to FortiView (traffic metadata) and packet capture (raw packets) can be denied to admins who do not require these features.

Tasks Requiring Hub-Side Global Admin Access

Grant global admin access only for the tasks where it is essential (least privilege); do everything else with a VDOM-scoped account, which limits the blast radius of an unintended or unauthorized action.

Per-Ship Tasks

These tasks are needed for each ship added to the system:

  • [Hub FGT] Creating VDOMs: Set up virtual domains for new ships.
  • [Hub FGT] Creating inter-VDOM links: Enable communication between ship-specific VDOMs and the hub.
  • [Hub FMG] Assigning ship + hub VDOMs to an ADOM in FortiManager: Associate the ship and hub VDOMs with a specific Administrative Domain (ADOM) for configuration and management.
  • [Hub FAZ] Creating hub logging ADOM: Set up an Administrative Domain for managing logs at the hub.
  • [Hub FAZ] Assigning devices to appropriate hub logging ADOM: Link the devices to the logging ADOM for centralized log management.
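The hub FortiGate side of the per-ship tasks above (new VDOM, inter-VDOM link, and the hub-side policy that passes only the encrypted tunnel), as an added example written for this page rather than configuration taken from the original page or from Fortinet. It assumes FortiOS multi-VDOM mode with an existing VDOM named "hub", a ship VDOM "ship01", a link name "hship01", a /30 on the link, and "port1" as the hub transport interface; the FortiManager and FortiAnalyzer steps are done in those products, not on the FortiGate CLI.

```text
# Added example (not from the original page). Assumes FortiOS multi-VDOM mode
# with a hub VDOM named "hub"; ship name, link name and the /30 are illustrative.
config vdom
    edit "ship01"          # creating the entry creates the VDOM
    next
end
config global
    # Inter-VDOM link: FortiOS creates two interfaces, hship010 and hship011,
    # one per end. Keep the link name short; it is used as the interface prefix.
    config system vdom-link
        edit "hship01"
        next
    end
    config system interface
        edit "hship010"
            set vdom "hub"
            set ip 10.255.1.1 255.255.255.252
            set allowaccess ping
        next
        edit "hship011"
            set vdom "ship01"
            set ip 10.255.1.2 255.255.255.252
            set allowaccess ping
        next
    end
end
# Traffic across the link still needs a firewall policy in each VDOM. The hub
# side only forwards the ship's IKE/ESP (ciphertext); the tunnel terminates in
# the ship VDOM, so the hub admin never handles the decrypted traffic.
config vdom
    edit "hub"
        config firewall policy
            edit 0                          # 0 = next free policy ID
                set name "ship01-ipsec-transit"
                set srcintf "hship010"
                set dstintf "port1"         # hub transport interface (assumed)
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "IKE" "ESP"     # predefined FortiOS services
                set logtraffic all
            next
        end
    next
end
```

A matching policy is needed inside "ship01" (from its tunnel/LAN side toward hship011), and the ship admin, not the hub admin, owns the IPsec phase1/phase2 that terminates there.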

One-Time Commissioning Tasks

These tasks are performed once during the initial setup:

  • [Hub FGT] Assigning physical interfaces to VDOMs: Map physical network ports to their respective VDOMs.
  • [Hub FGT] Configuring Hub FortiGate → Hub host OI summary routing: Set up summary routing for traffic between the hub FortiGate and the host Operational Interface (OI).
  • [Hub FGT] Configuring HA: Enable HA for redundancy and reliability.
  • [Hub FGT] Configuring system DNS: Set up Domain Name System settings for the hub.
  • [Hub FGT] Configuring system NTP: Configure Network Time Protocol settings for synchronized timekeeping.
  • [Hub FGT] Configuring system FortiManager connection: Establish a connection between the hub FortiGate and FortiManager for centralized management.
  • [Hub FGT] Configuring system (hub) FortiAnalyzer connection: Link the hub FortiGate to FortiAnalyzer for log and analytics management.
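The FortiGate CLI for the one-time commissioning steps above, as an added example written for this page and not configuration from the original page or from Fortinet. The port names, addresses, the host-OI summary prefix and next hop, and the HA heartbeat ports are illustrative assumptions; the hub VDOM is assumed to be named "hub" and a ship VDOM "ship01".

```text
# Added example (not from the original page). Addresses, port names, the
# summary prefix and the HA settings are illustrative assumptions.
config global
    # Physical ports: the host-OI port lands in the hub VDOM, each ship's
    # transport port in that ship's VDOM (a per-ship step, shown once here).
    config system interface
        edit "port1"
            set vdom "hub"
            set alias "host-OI"
        next
        edit "port5"
            set vdom "ship01"
            set alias "ship01-transport"
        next
    end
    config system dns
        set primary 192.0.2.53
        set secondary 192.0.2.54
    end
    config system ntp
        set ntpsync enable
        set type custom
        set syncinterval 60
        config ntpserver
            edit 1
                set server "192.0.2.123"
            next
        end
    end
    config system central-management
        set type fortimanager
        set fmg "192.0.2.10"
    end
    config log fortianalyzer setting
        set status enable
        set server "192.0.2.11"
        set reliable enable          # TCP transport with delivery confirmation
        set upload-option realtime
    end
    config system ha
        set group-name "hub-ha"
        set mode a-p
        set hbdev "port9" 50 "port10" 50
        set monitor "port1"
        # set password is entered interactively; keep it out of pasted snippets
    end
end
# Summary route from the hub VDOM toward the host OI: one aggregate instead of
# per-network routes, so later ship additions do not touch hub routing.
config vdom
    edit "hub"
        config router static
            edit 0
                set dst 10.200.0.0 255.255.0.0      # assumed host-OI summary
                set gateway 192.0.2.1               # assumed host-OI next hop
                set device "port1"
            next
        end
    next
end
```

Run the HA block last and on both members with identical settings; once central management is enabled, later changes should be installed from FortiManager rather than typed on the device.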

Building the Admin Profile System

  • Identify Sensitive Options to Restrict: Explicitly deny FortiView (metadata view), packet capture (raw packet view) and VPN configuration (IPsec management) to admins who do not need them. Together these restrictions remove any path by which a hub-side admin could view or export the decrypted, "inside-the-veil" contents of a ship's IPsec sessions.
  • Configure Certificate Management: Manage certificates at VDOM scope rather than globally, so that each ship's certificate private keys are isolated from other VDOMs and from global-scope admins whose profile lacks that access. Note that an account with the built-in super_admin profile can still enter every VDOM, so this isolation is only as strong as the profiles assigned to global-scope accounts.
  • Leverage FortiManager for Configuration Management: Push changes from FortiManager rather than editing the hub directly, so that device configuration revisions serve as regular backups, changes can be staged and tested before installation, and every change is recorded in a version-controlled audit trail.
  • Define Separate Admin Profiles: Create role-specific admin profiles with a clear separation of duties. Hub admin profiles provide the transport to per-ship VDOMs and see only IPsec ciphertext; ship admin profiles, assigned per ship, see inside their own ship's VDOM and nothing else.
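A concrete profile pair implementing the admin profile controls (scope, separate network/VPN access, restricted FortiView and packet capture) and the separation of duties described in this section, as an added example written for this page and not configuration from the original page or from Fortinet. It assumes FortiOS 7.x multi-VDOM mode; the profile and account names, the VDOM name "ship01" and the trusted-host subnets are illustrative, and the attribute names should be checked against the CLI reference for the firmware in use.

```text
# Added example (not from the original page). Assumes FortiOS 7.x multi-VDOM
# mode; names and addresses are illustrative.
config global
    config system accprofile
        # Hub-side operator: global scope so it can create VDOMs, links and HA,
        # but no VPN, no FortiView and no packet capture, so it never reaches
        # inside a ship's tunnel. Do not use super_admin for this role.
        edit "hub-admin"
            set scope global
            set sysgrp read-write      # VDOMs, HA, DNS, NTP, FMG/FAZ settings
            set netgrp custom          # interfaces and inter-VDOM links only
            set vpngrp none            # no IPsec/SSL-VPN configuration
            set ftviewgrp none         # no FortiView metadata
            set fwgrp read
            set loggrp read
            set authgrp none
            set utmgrp none
            set wifi none
            set secfabgrp none
            config netgrp-permission
                set cfg read-write
                set route-cfg read-write
                set packet-capture none   # no raw packets, even of ciphertext
            end
        next
        # Ship operator: confined to the VDOM(s) named on the account and
        # allowed to manage the tunnel that terminates inside that VDOM.
        # FortiView/packet capture here only ever show that VDOM's traffic.
        edit "ship-admin"
            set scope vdom
            set sysgrp read
            set netgrp read-write
            set vpngrp read-write
            set ftviewgrp read-write
            set fwgrp read-write
            set loggrp read-write
            set authgrp read-write
            set utmgrp read-write
            set wifi none
            set secfabgrp none
        next
    end
    config system admin
        # Passwords are set interactively; keep them out of pasted snippets.
        edit "hub-ops"
            set accprofile "hub-admin"
            set trusthost1 192.0.2.0 255.255.255.0      # hub NOC subnet (assumed)
        next
        edit "ship01-ops"
            set accprofile "ship-admin"
            set vdom "ship01"            # the only VDOM this account may enter
            set trusthost1 198.51.100.0 255.255.255.0   # ship01 admin subnet (assumed)
        next
    end
end
```

To verify the split, log in as "hub-ops" and confirm that "config vpn ipsec phase1-interface" and "diagnose sniffer packet" are refused, then log in as "ship01-ops" and confirm that "config global" is unavailable and that only "ship01" appears under "config vdom".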
public/hub_configuration.txt · Last modified: 2024/12/11 18:11 by rhudak
