Fortinet 50A/50B, 100 manual Factory default protection profiles

Page 30

Factory defaults

Table 10: Factory default firewall configuration

Configuration setting

Name

Description

 

 

 

Firewall policy

Internal ->External

Source: All Destination: All

Firewall address

All

Firewall address matches the source or

 

 

destination address of any packet.

 

 

 

Pre-defined service

More than 50

Select from any of the 50 pre-defined

 

predefined services

services to control traffic through the

 

 

FortiGate unit that uses that service.

 

 

 

Recurring schedule

Always

The recurring schedule is valid at any

 

 

time.

 

 

 

Protection Profiles

Strict, Scan, Web,

Control how the FortiGate unit applies

 

Unfiltered

virus scanning, web content filtering, spam

 

 

filtering, and IPS.

 

 

 

The factory default firewall configuration is the same in NAT/Route mode and Transparent mode.

Factory default protection profiles

Use protection profiles to apply different protection settings for traffic controlled by firewall policies. You can use protection profiles to:

configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP firewall policies

configure Web filtering for HTTP firewall policies

configure Web category filtering for HTTP firewall policies

configure spam filtering for IMAP, POP3, and SMTP firewall policies

enable the Intrusion Protection System (IPS) for all services

enable content logging for HTTP, FTP, IMAP, POP3, and SMTP firewall policies

By using protection profiles, you can build protection configurations that can be applied to different types of firewall policies. This allows you to customize types and levels of protection for different firewall policies.

For example, while traffic between internal and external addresses might need strict protection, traffic between trusted internal addresses might need moderate protection. You can configure firewall policies for different traffic services to use the same or different protection profiles.

You can add Protection profiles to NAT/Route mode and Transparent mode firewall policies. The FortiGate unit includes four protection profiles.

Strict

To apply maximum protection to HTTP, FTP, IMAP, POP3, and SMTP

 

traffic. You may not use the strict protection profile under normal

 

circumstances but it is available if you have problems with viruses and

 

require maximum screening.

Scan

To apply antivirus scanning and file quarantining to HTTP, FTP, IMAP,

 

POP3, and SMTP content traffic.

Web

To apply antivirus scanning and web content blocking to HTTP content

 

traffic. You can add this protection profile to firewall policies that control

 

HTTP traffic.

Unfiltered

To apply no scanning, blocking or IPS. Use if you do not want to apply

 

content protection to content traffic. You can add this protection profile to

 

firewall policies for connections between highly trusted or highly secure

 

networks where content does not need to be protected.

FortiGate-50A/50B, FortiWiFi-50B and FortiGate-100 FortiOS 3.0 MR4 Install Guide

30

01-30004-0265-20070831

Image 30
Contents Install G U I D E Trademarks Regulatory complianceContents Factory defaults Configuring the FortiGate unitConfiguring the modem interface Using a wireless networkFortiGate Firmware Index Reverting to a previous firmware versionFortiUSB key Introduction About the FortiGate unitFortiGate-50A FortiGate-100 FortiWiFi-50BFortiGate-50B Register your FortiGate unitFortiClient FortiGuard Subscription ServicesFortinet Family Products FortiMailFortiReporter About this documentFortiAnalyzer FortiBridgeDocument conventions Typographic conventionsFortinet documentation Fortinet Knowledge Center Customer service and technical supportFortinet Tools and Documentation CD Comments on Fortinet technical documentationCustomer service and technical support Installing the FortiGate unit Package ContentsPower Requirements Technical Specifications DimensionsWeight SpecificationsFortiWiFi-50B package contents FortiGate-100 package contents Front BackPowering on the FortiGate unit To power on the FortiGate unitMounting Power over Ethernet Command line interface Powering off the FortiGate unitConnecting to the FortiGate unit Connecting to the web-based managerFortiGate login To connect to the web-based managerBits per second 9600 Data bits Parity Connecting to the CLITo connect to the CLI Stop bits Flow controlQuick installation using factory defaults Quick configuration using default settingsGo to System Network Options Quick installation using factory defaults Factory defaults Factory default Dhcp server configuration Factory default NAT/Route mode network configurationAdministrative access Factory default Transparent mode network configurationFactory default firewall configuration Management IPFactory default protection profiles Restoring the default settings using the CLI Restoring the default settingsRestoring the default settings using the web-based manager To reset the default settings Go to System StatusRestoring the default settings Configuring the FortiGate unit Planning the FortiGate configurationNAT/Route mode NAT/Route mode with multiple external network connections Internet RouterTransparent mode NAT/Route mode settings NAT/Route mode installationPreparing to configure the FortiGate unit in NAT/Route mode Go to System Network InterfaceDhcp or PPPoE configuration Using the web-based managerConfiguring basic settings Adding a default route To configure interfaces Go to System Network InterfaceTo add a default route Go to Router Static Configuring the FortiGate unit to operate in NAT/Route mode Verifying the web-based manager configurationUsing the command line interface Verify the connectionTo set the external interface to use DHCP, enter To configure DNS server settingsExample To set the external interface to use PPPoE, enterTo add a default route Connecting the FortiGate unit to the networks Configuring the networksTo connect the FortiGate unit Transparent mode settings Administrator Password Transparent mode installationPreparing to configure Transparent mode DNS SettingsTo change to Transparent mode using the CLI To verify the DNS server settingsReconnecting to the web-based manager Connecting the FortiGate unit to your networkTo connect the FortiGate unit running in Transparent mode Next steps Set the date and timeUpdating antivirus and IPS signatures To enable schedule updates from the CLI Scheduling antivirus and IPS updatesTo update IPS signatures using the CLI Updating the IPS signatures from the CLITo add an override server using the CLI Adding an override serverNext steps Configuring the modem interface Connecting a modem to the FortiGate-50ASelecting a modem mode Redundant mode configurationStand alone mode configuration Configuring the modem for the FortiGate-50A Mode must be standalone Interface nameCLI commands for the FortiGate-50A Phone-numberAdding a Ping Server Dead gateway detectionAdding firewall policies for modem connections Using a wireless network Setting up a wireless networkPositioning an Access Point Radio Frequency interfaceUsing multiple access points Using multiple APs to provide a constant strong signalWireless Security Wireless Equivalent Privacy WEPWi-Fi Protected Access WPA Access Point mode FortiWiFi-50B operation modesService Set Identifier Additional security measuresClient mode FortiWiFi in Access Point modeSetting up the FortiWiFi-50B as an Access Point Changing the operating modeSet the Dhcp settings Configure the firewall policies To set the data security Go to System Wireless SettingsSet the security options FortiGate Firmware Upgrading the firmware using the web-based managerTo upgrade the firmware using the web-based manager Upgrading to a new firmware versionUpgrading the firmware using the CLI To upgrade the firmware using the CLIFor information, see the FortiGate Administration Guide Reverting to a previous firmware versionReverting to a previous firmware version using the CLI To revert to a previous firmware version using the CLIExecute ping To install firmware from a system reboot Press Any Key To Download Boot Image Restoring the previous configuration Backup and Restore from the FortiUSB key To backup configuration using the CLIFortiUSB key Using the USB Auto-Install feature To restore configuration using the CLITo configure the USB Auto-Install using the CLI Testing a new firmware image before installing it Additional CLI commands for the FortiUSB keyTo test a new firmware image Testing a new firmware image before installing it Installing and using a backup firmware image Installing a backup firmware imageTo install a backup firmware image Press any key to enter configuration menuEnter File Name image.out Installing and using a backup firmware image Index CLIWall mounting Web-based manager, connecting
Related manuals
Manual 272 pages 22.37 Kb