Fortinet 100 user manual Antivirus, Web Filter, Email filter

Introduction

NIDS

See the FortiGate NIDS Guide for a complete description of FortiGate NIDS functionality. New features include:

Attack detection signature groups

User-configurable attack prevention

Monitor multiple interfaces for attacks

User-defined attack detection signatures

Antivirus

See the FortiGate Content Protection Guide for a complete description of FortiGate antivirus functionality. New features include:

Content profiles

Blocking oversized files

Web Filter

See the FortiGate Content Protection Guide for a complete description of FortiGate web filtering functionality. New features include:

Cerberian URL Filtering

Email filter

See the FortiGate Content Protection Guide for a complete description of FortiGate email filtering functionality.

Logging and Reporting

See the FortiGate Logging and Message Reference Guide for a complete description of FortiGate logging.

Log to remote host CSV format

Log message levels: Emergency, Alert, Critical, Error, Warning, Notification, Information

Log level policies

Traffic log filter

New antivirus, web filter, and email filter logs

Alert email supports authentication

Suppress email flooding

Extended WebTrends support for graphing activity

FortiGate-100 Installation and Configuration Guide
