|
|
Advanced configuration | Protection profiles |
Advanced configuration
The FortiGate unit and the FortiOS operating system provide a wide range of features that enable you to control network and internet traffic and protect your network. This chapter describes some of these options and how to configure them.
This chapter includes
•Protection profiles
•Firewall policies
•Antivirus options
•AntiSpam options
•Web filtering
•Logging
Protection profiles
A protection profile is a group of settings you can adjust to suit your requirements for network protection. Since protection profiles apply different protection settings to traffic controlled by firewall policies, you can tailor the settings to the type of traffic each policy handles.
Use protection profiles to configure:
•antivirus protection
•web filtering
•web category filtering
•spam filtering
•content archiving
•instant messaging filtering and access control
•P2P access and bandwidth control
•logging options for policies and configurations within the policies
•rate limiting for VoIP protocols.
Using protection profiles, you can customize types and levels of protection for different firewall policies.
For example, while traffic between internal and external addresses might need strict protection, traffic between trusted internal addresses might need moderate protection. You can configure policies for different traffic services to use the same or different protection profiles.
The FortiGate unit is preconfigured with four default protection profiles. In many cases you can use these default protection profiles, or use them as a starting point in creating your own.
Table 1: Default protection profiles
Strict Applies maximum protection to HTTP, FTP, IMAP, POP3, and SMTP traffic. The strict protection profile may not be useful under normal circumstances but it is available when maximum protection is required.
Scan Apply virus scanning to HTTP, FTP, IMAP, POP3, and SMTP traffic.
31 |