Fortinet 224B manual Antivirus options, Configuring firewall policies

Page 33

 

 

Advanced configuration

Antivirus options

Configuring firewall policies

To add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy, or select Create New to add a policy.

The source and destination Interface/Zone match the firewall policy with the source and destination of a communication session. The Address Name matches the source and destination address of the communication session.

Schedule defines when the firewall policy is enabled. While most policies are always on, you can configure a firewall policy so that it is only on at specific times of the day. For example, you may want to block news and entertainment sites most of the day, except during lunch or after work, enabling your employees to only view those sites during non-working times.

Service matches the firewall policy with the service used by a communication session. This enables you to configure a policy for general web surfing and a different policy specifically for other traffic such as SMTP mail or FTP uploads and downloads.

Action defines how the FortiGate unit processes traffic. Specify an action to accept or deny traffic or configure a firewall encryption policy.

Add ACCEPT policies that accept communication sessions. Using an accept policy, you can apply FortiGate features such as virus scanning and authentication to the communication session accepted by the policy.

Add DENY policies to deny communication sessions.

Add IPSec encryption policies to enable IPSec tunnel mode VPN traffic and SSL VPN encryption policies to enable SSL VPN traffic. Firewall encryption policies determine which types of IP traffic will be permitted during an IPSec or SSL VPN session.

Select Protection Profile to include apply a protection profile to the firewall policy for scanning of traffic passing through the FortiGate unit.

For details on the firewall policies features and settings, see the FortiGate Administration Guide or the FortiGate Online Help.

Antivirus options

The FortiGate unit’s antivirus configuration prevents malicious files from entering and infecting your network environment.

The FortiGate unit uses a number of processes to scan files to ensure unwanted files and potential attackers do not get through. The FortiGate unit scans using these antivirus options:

File pattern - The FortiGate will check the file against the file pattern setting you have configured. You can set which file names or file types the FortiGate unit looks for in the incoming traffic.

Virus scan - The virus definitions are kept up to date through the FortiNet Distribution Network. The list is updated on a regular basis so you do not have to wait for a firmware upgrade. Note that you must register the FortiGate unit to and purchase FortiGuard services to use virus scanning through the FDN.

FortiGate-224B FortiOS 3.0 MR6 Install Guide

 

01-30006-0451-20080815

33

Page 32 Page 34
Image 33
Page 32 Page 34
Contents Install G U I D E Regulatory compliance TrademarksContents FortiGate Firmware Advanced configurationInstalling firmware from a system reboot using the CLI Testing new firmware before installingIndex Page Register your FortiGate unit IntroductionAbout the FortiGate-224B About this documentDocument conventions Typographic conventions Further ReadingCustomer service and technical support Fortinet Knowledge CenterComments on Fortinet technical documentation Environmental specifications InstallingGrounding Rack mount instructionsMounting Installed mounting brackets To install the FortiGate unit into a rackTo power on the FortiGate unit Connecting to the networkTo power off the FortiGate unit Plugging in the FortiGateNAT mode NAT vs. Transparent modeTransparent mode Connecting to the FortiGate unitConnecting to the web-based manager To connect to the web-based managerTo connect to the CLI Connecting to the CLIUsing the web-based manager Configuring NAT modeConfigure the interfaces To configure interfaces Go to System Network InterfaceAdding a default route and gateway Configure a DNS serverAdding firewall policies To modify the default gateway Go to Router StaticUsing the CLI To set an interface to use a static addressTo set an interface to use Dhcp addressing To set an interface to use PPPoE addressing To configure DNS server settingsTo add an outgoing traffic firewall policy To modify the default gatewayConfiguring Transparent mode Switching to Transparent modeTo switch to Transparent mode Go to System Status Source Address All Destination Interface To switch to Transparent mode Backing up the configuration Verify the configurationAdditional configuration Restoring a configurationSet the Administrator password Set the time and dateUpdating antivirus and IPS signatures Configure FortiGuardAdditional configuration Protection profiles Advanced configurationFirewall policies Firewall policiesAntivirus options Configuring firewall policiesAntiSpam options Web filtering Logging Downloading firmware FortiGate FirmwareUsing the web-based manager Upgrading the firmwareReverting to a previous version Backup and Restore from a USB key Using the USB Auto-InstallTo revert to a previous firmware version To upgrade the firmware using the CLI Using the CLITo revert to a previous firmware version using the CLI Execute restore image namestr tftpip4Execute restore image namestr tftpipv4 Installing firmware from a system reboot using the CLIPress any key to display configuration menu To install firmware from a system rebootTo backup configuration using the CLI Restoring the previous configurationAdditional CLI Commands for a USB key To restore configuration using the CLITo configure the USB Auto-Install using the CLI To test the new firmware image Testing new firmware before installingTesting new firmware before installing Testing new firmware before installing Index Web filtering 35 web-based manager Page Page
Top Page Image Contents