How to Secure Linux & Windows Servers with Fortinet Firewalls

Secure Linux & Windows servers with Fortinet firewall rules.

Fortinet Firewalls: Fortigate Configuration for Linux & Windows Servers

Hardening Linux and Windows servers isn’t a set-and-forget job; you need to understand the differences between the two OS types, define OS-centric rules, and keep tuning them against new threats.

I’ve been in this space since the early ’90s — before servers were secured by locking a room and hoping no one touched the cables. Now? Threats operate at machine speed, automation has enveloped industry, and zero-trust rules supreme. Last month, we helped three banks migrate their zero-trust architecture to Fortinet, and it is a different world compared to the days I was blockading Slammer worm traffic in 2003.

This post will guide you in configuring Fortinet firewalls for Linux and Windows servers. Because while they both require solid security, they have very different needs.

Quick Take

Short on time? Here’s the TL;DR:

  • Windows servers: Prioritize protection for RDP, disable SMB, and restrict incoming firewall rules.
  • Linux servers: Monitor SSH access, restrict unused ports, and apply application whitelisting.
  • Fortinet firewalls: Use OS-specific policies, enforce IPS/IDS, and automate threat monitoring.

Zero-trust is a must—firewall rules alone won’t do it anymore. Got a few more minutes? Let’s dig in.

Differences in Server OS Security

This is precisely why I always ask what OS you’re running before firing off a firewall strategy. From a security perspective, Windows and Linux are completely different:

Windows Server

  • GUI-driven (this is why attackers flock to RDP).
  • Ships with many services enabled by default that you don’t use.
  • SMB file shares could be a huge attack path.
  • Active Directory adds layers of complicated (but necessary) authentication.

Linux Server

  • Everything’s a file—so privilege escalation attacks are silent but deadly.
  • SSH brute-force attempts happen all the time.
  • Most distros come with services you don’t need running.
  • User permissions need careful management.

Different beasts, different dangers. So you have to align your firewall strategy with that.

Linux & Windows Fortinet Firewall Rules

Here’s the deal with Fortinet’s firewalls: I love them, but a default install doesn’t do much for your protection. You have to tune the settings to the threats you’re defending against.

Windows Server Firewall Rules

The most common sources of attacks on Windows servers are open ports, weak authentication, and lateral movement. Let’s write firewall rules with that in mind:

  • NEVER expose RDP to the internet. VPN-protect it, use jump hosts, or limit the IP to specific ones only.
  • Block SMB where feasible—or at least limit it to trusted devices.
  • Disable PowerShell remoting unless you really need it.
  • Whitelist the allowed IPs, and use Fortinet IPS to detect known exploits.
  • Use Geo-IP filters to restrict access by geographic region.

Linux Server Firewall Rules

Linux security is essentially just minimizing attack surface and locking down SSH:

  • By default, deny all inbound traffic unless allowed.
  • No password authentication—use SSH keys.
  • Change the default SSH port (not a panacea, but a good way to cut down on noise).
  • Prevent sudo from being available, and log attempts to escalate privileges.
  • Watch outbound traffic: Linux malware frequently phones home without you noticing.
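
An added example (not from the original post or from Fortinet): a small Python audit that parses FortiOS `config firewall policy` text and flags accept policies that break the Windows and Linux rules listed above, namely RDP/SSH/SMB open to any source, no IPS sensor, and unrestricted outbound traffic. The sample policies, the `wan1` interface name and the address object names are constructed for illustration.

```python
import re
# Constructed sample (FortiOS policy syntax, trimmed to the fields checked); names are hypothetical.
SAMPLE = '''config firewall policy
    edit 1
        set srcaddr "all"
        set service "RDP" "SMB"
        set action accept
    next
    edit 2
        set srcaddr "jump-host"
        set service "SSH"
        set action accept
        set ips-sensor "default"
    next
    edit 3
        set dstintf "wan1"
        set service "ALL"
        set action accept
        set ips-sensor "default"
    next
end'''
ADMIN = {"RDP", "SSH", "SMB"}  # services the rule lists above say to restrict

def parse(text):
    """Map policy id -> {setting: [values]} from 'edit N ... next' blocks."""
    policies, cur = {}, None
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if words[:1] == ["edit"]:
            cur = policies.setdefault(int(words[1]), {})
        elif words[:1] == ["next"]:
            cur = None
        elif words[:1] == ["set"] and cur is not None:
            cur[words[1]] = words[2:]
    return policies

def audit(text, wan="wan1"):
    """Return (policy_id, finding) pairs for accept policies that break the rules."""
    findings = []
    for pid, p in parse(text).items():
        if p.get("action") != ["accept"]:
            continue  # a deny policy exposes nothing
        if "all" in p.get("srcaddr", []) and ADMIN & set(p.get("service", [])):
            findings.append((pid, "admin service open to any source"))
        if "ips-sensor" not in p:
            findings.append((pid, "accept policy without IPS sensor"))
        if wan in p.get("dstintf", []) and "ALL" in p.get("service", []):
            findings.append((pid, "unrestricted outbound"))
    return findings
```

On the sample, `audit(SAMPLE)` flags policy 1 twice and policy 3 once; policy 2, which limits SSH to a jump host and attaches an IPS sensor, passes.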

OS-Specific Threats & Defense Strategies

After that basic introduction to firewall rules, let us move on to what we are defending ourselves from. Because threats are ever-evolving.

Windows Server Threats

Windows environments are some of the most targeted by ransomware, credential theft, and lateral movement attacks. Some strategies to mitigate:

  • Prevent unauthorized executables using Fortinet’s application control.
  • Apply network segmentation—even inside your Windows environment.
  • Require Multi-Factor Authentication (MFA) for admins.
  • Patch on a regular basis—even if updates break things. It’s still worth it.

Windows is under constant assault. However, that does not mean that Linux is off the hook.

Linux Server Threats

Many people believe that Linux is inherently more secure. That’s a mistake. Linux server malware is on the rise—particularly cryptojacking and containerized breaches. Here’s how to limit the risk:

  • Disable root login via SSH. No exceptions.
  • Implement mandatory access control (e.g., SELinux or AppArmor).
  • Be vigilant with logs—Linux attackers cover their tracks better than most.
  • If you’re running a web server, harden it, whether it’s Apache, Nginx, or anything else public-facing.

If you think there are no serious Linux threats, check how many hacked Linux boxes mine Monero at this moment.

Server Security Solutions at PJ Networks

We don’t believe in one-size-fits-all security at PJ Networks. Every company has unique needs, unique infrastructure, and unique threats.

Here’s how we keep businesses secure with Fortinet firewalls:

  • Custom firewall rule sets specifically designed for Linux & Windows environments.
  • Zero-trust rollout—no trust by default, verify everything.
  • 24/7 monitoring & response—attacks don’t stop at 5 PM.
  • Security audits: if you’re not too sure about your current setup, we come in and break it (before someone else does).

We recently assisted a number of banks in their architectural revamp to ensure that their Fortinet firewalls locked down everything, especially unauthorized lateral movement. Banks are prime targets for credential theft, so we created custom rulesets that protected their financial data but also ensured high performance.

It isn’t as simple as slapping a firewall up. It’s about knowing threat models, attack vectors, and business needs.

Conclusion

Firewalls, particularly Fortinet firewalls, are an additional layer that secures Windows and Linux servers. But they’re just one layer. Here’s what I say to every client:

  1. Your policies are what make your firewall effective.
  2. No amount of firewall will patch bad internal security.
  3. The firewall itself is working well; however, individual server hardening is manual all the way around.

Strict port & service controls for Windows. SSH rules and outbound monitoring need to be locked down on Linux. Every server environment is different, which is why security needs to be tailored.

If you’re a business owner who is currently using your default firewall settings, we need to talk. Because attackers are already one step ahead of you.