Fortinet FortiWiFi-60A/AM manual: Factory default protection profiles

Factory default firewall configuration

Factory defaults

Table 6: Factory default firewall configuration

| Configuration setting | Name | Description |
|---|---|---|
| Firewall policy | Internal -> External | Source: All Destination: All |
| Firewall address | All | Firewall address matches the source or destination address of any packet. |
| Pre-defined service | More than 50 predefined services | Select from any of the 50 pre-defined services to control traffic through the FortiWiFi unit that uses that service. |
| Recurring schedule | Always | The recurring schedule is valid at any time. |
| Protection Profiles | Strict, Scan, Web, Unfiltered | Control how the FortiWiFi unit applies virus scanning, web content filtering, spam filtering, and IPS. |

The factory default firewall configuration is the same in NAT/Route and Transparent mode.

Factory default protection profiles

Use protection profiles to apply different protection settings for traffic controlled by firewall policies. You can use protection profiles to:

• configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP firewall policies
• configure Web filtering for HTTP firewall policies
• configure Web category filtering for HTTP firewall policies
• configure spam filtering for IMAP, POP3, and SMTP firewall policies
• enable the Intrusion Protection System (IPS) for all services
• enable content logging for HTTP, FTP, IMAP, POP3, and SMTP firewall policies

By using protection profiles, you can build protection configurations that can be applied to different types of firewall policies. This allows you to customize types and levels of protection for different firewall policies.

For example, while traffic between internal and external addresses might need strict protection, traffic between trusted internal addresses might need moderate protection. You can configure firewall policies for different traffic services to use the same or different protection profiles.

Protection profiles can be added to NAT/Route mode and Transparent mode firewall policies. The FortiWiFi unit comes preconfigured with four protection profiles.

Strict: To apply maximum protection to HTTP, FTP, IMAP, POP3, and SMTP traffic. You might not use the Strict protection profile under normal circumstances, but it is available if you have problems with viruses and require maximum screening.

Scan: To apply antivirus scanning and file quarantining to HTTP, FTP, IMAP, POP3, and SMTP content traffic.

Web: To apply antivirus scanning and web content blocking to HTTP content traffic. Add this protection profile to firewall policies that control HTTP traffic.

Unfiltered: To apply no scanning, blocking or IPS. Use if you do not want to apply content protection to content traffic. You can add this protection profile to firewall policies for connections between highly trusted or highly secure networks where content does not need to be protected.
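The profile descriptions above imply that a profile protects only the protocols it covers, so a policy can carry a profile and still pass content uninspected. The following is an added example, not part of the Fortinet guide, that checks a policy list for such gaps. The policy records, the `trusted` set and the reading of Strict as "every listed feature on" are assumptions made for illustration.

```python
# Added example: default profiles modelled only from this page's descriptions.
AV, WEB, SPAM = "antivirus", "web filtering", "spam filtering"
# Protocols each feature can act on, per the list on this page.
FEATURE_PROTOCOLS = {
    AV: {"HTTP", "FTP", "IMAP", "POP3", "SMTP"},
    WEB: {"HTTP"},
    SPAM: {"IMAP", "POP3", "SMTP"},
}

# Assumption: "maximum protection" (Strict) means every feature above is on.
# IPS is left out: the page does not say which default profiles enable it.
PROFILES = {
    "Strict": dict(FEATURE_PROTOCOLS),
    "Scan": {AV: FEATURE_PROTOCOLS[AV]},
    "Web": {AV: {"HTTP"}, WEB: {"HTTP"}},
    "Unfiltered": {},
}

def effective_protection(profile, service):
    """Features that the named profile actually applies to this service."""
    features = PROFILES.get(profile, {})
    return sorted(f for f, protos in features.items() if service in protos)

def audit(policies, trusted=frozenset({"internal"})):
    """Map policy name -> reason, for untrusted paths with no content protection."""
    findings = {}
    for p in policies:
        if {p["src"], p["dst"]} <= trusted:
            continue  # trusted-to-trusted: Unfiltered is an accepted choice
        profile, service = p.get("profile"), p["service"]
        if profile is None:
            findings[p["name"]] = "no protection profile"
        elif profile not in PROFILES:
            findings[p["name"]] = f"unknown profile {profile}"
        elif not PROFILES[profile]:
            findings[p["name"]] = f"{profile} applies no scanning or blocking"
        elif not effective_protection(profile, service):
            findings[p["name"]] = f"{profile} does not inspect {service}"
    return findings

SAMPLE_POLICIES = [  # constructed, not taken from a real unit
    {"name": "web-out", "src": "internal", "dst": "external", "service": "HTTP", "profile": "Web"},
    {"name": "mail-out", "src": "internal", "dst": "external", "service": "SMTP", "profile": "Web"},
    {"name": "ftp-out", "src": "internal", "dst": "external", "service": "FTP", "profile": "Unfiltered"},
    {"name": "pop3-out", "src": "internal", "dst": "external", "service": "POP3", "profile": None},
    {"name": "lan-lan", "src": "internal", "dst": "internal", "service": "FTP", "profile": "Unfiltered"},
]

print(audit(SAMPLE_POLICIES))
```

The `mail-out` finding is the case worth noting: the Web profile is attached, but it covers HTTP only, so SMTP content on that policy is not scanned.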

 

FortiWiFi-60A/AM FortiOS 3.0 MR4 Install Guide

01-30004-0283-20070215
