Fortinet 800F manual Web protection profile settings

Page 22

Factory default protection profiles

Getting started

 

 

Using protection profiles, you can build protection configurations that can be applied to different types of firewall policies. This allows you to customize types and levels of protection for different firewall policies.

For example, while traffic between internal and external addresses might need strict protection, traffic between trusted internal addresses might need moderate protection. You can configure firewall policies for different traffic services to use the same or different protection profiles.

Protection profiles can be added to NAT/Route mode and Transparent mode firewall policies.

The FortiGate unit comes preconfigured with four protection profiles.

Strict

To apply maximum protection to HTTP, FTP, IMAP, POP3, and SMTP traffic.

 

You may not use the strict protection profile under normal circumstances but

 

it is available if you have problems with viruses and require maximum

 

screening.

Scan

To apply antivirus scanning to HTTP, FTP, IMAP, POP3, and SMTP content

 

traffic. Quarantine is also selected for all content services. On FortiGate

 

models with a hard drive, if antivirus scanning finds a virus in a file, the file is

 

quarantined on the FortiGate local disk. If required, system administrators

 

can recover quarantined files.

Web

To apply antivirus scanning and web content blocking to HTTP content

 

traffic. You can add this protection profile to firewall policies that control

 

HTTP traffic.

Unfiltered

To apply no scanning, blocking or IPS. Use if you do not want to apply

 

content protection to content traffic. You can add this protection profile to

 

firewall policies for connections between highly trusted or highly secure

 

networks where content does not need to be protected.

Figure 5: Web protection profile settings

22

01-28006-0024-20041026

Fortinet Inc.

Image 22
Contents Installation Guide October 01-28006-0024-20041026Trademarks Regulatory ComplianceTable of Contents Index Secure installation, configuration, and management IntroductionCommand line interface Web-based managerSetup wizard Document conventionsFortiGate Installation Guide FortiGate documentationFortiClient documentation Related documentationFortiManager documentation FortiMail documentationFortiLog documentation Comments on Fortinet technical documentationCustomer service and technical support Comments on Fortinet technical documentation Getting started Package contents Mounting Connecting to the web-based manager Turning the FortiGate unit power on and offTo power off the FortiGate unit Connecting to the command line interface CLI To connect to the web-based managerTo connect to the CLI WelcomeFactory default FortiGate configuration settings Factory default NAT/Route mode network configurationFactory default Transparent mode network configuration Network SettingsFactory default firewall configuration Factory default protection profilesWeb protection profile settings Planning the FortiGate configuration NAT/Route modeNAT/Route mode with multiple external network connections Transparent modeWeb-based manager and setup wizard Configuration optionsFront control buttons and LCD Next steps NAT/Route mode installation Preparing to configure the FortiGate unit in NAT/Route modeDhcp or PPPoE configuration DMZConfiguring basic settings Using the web-based managerTo configure interfaces Go to System Network Interface To add a default route Using the front control buttons and LCDTo configure DNS server settings Go to System Network DNS Go to System Router StaticTo add a default gateway to an interface Using the command line interfaceConfiguring the FortiGate unit to operate in NAT/Route mode To add/change the administrator passwordTo configure interfaces ExampleTo configure DNS server settings Get system interfaceUsing the setup wizard On page 28 and on page 29 for other settingsStarting the setup wizard Dhcp serverFortiGate-800 Connecting the FortiGate unit to the networksFortiGate-800F To connect the FortiGate unit running in NAT/Route mode To connect to FortiGate-800/800F user-defined interfacesConfiguring the networks To set the date and time Go to System Config TimeTo register the FortiGate unit To configure virus, attack, and spam definition updates Go to System Maintenance Update CenterTransparent mode installation Preparing to configure Transparent modeTo change the Management IP Go to System Network Management Reconnecting to the web-based manager To change the management IP address and netmaskTo change to Transparent mode using the CLI To add a default gatewayTo configure the management IP address To configure the default gateway EndConnecting the FortiGate unit to your network To start the setup wizardFortiGate-800F Internal Network Other Network To register your FortiGate unit Reconnecting to the web-based manager High availability configuration settings High availability installationConfiguring FortiGate units for HA operation Priorities of heartbeat device and monitor prioritiesGroup ID MAC Address High availability settings Schedule To change the FortiGate unit host nameConfiguring FortiGate units for HA using the CLI Config system global Set hostname namestr endConnecting the cluster to your networks To configure the FortiGate unit for HA operationTo connect the cluster Installing and configuring the cluster Internal NetworkConfiguring FortiGate units for HA using the CLI Index CLIIndex 01-28006-0024-20041026

800F, 800 specifications

Fortinet, a leader in cybersecurity solutions, has made significant strides in fortifying enterprise networks with its FortiGate 800 and 800F series. These next-generation firewalls are designed to deliver high performance and security for organizations seeking to protect their critical assets while ensuring optimal network efficiency.

The FortiGate 800 and 800F series are built on Fortinet's proprietary Security Fabric architecture, which provides a consolidated approach to security. This architecture allows organizations to leverage seamless integration across various security solutions and services, enhancing visibility and control. With a focus on scalability, these models support various deployment scenarios—from branch offices to data centers—making them versatile options for organizations of any size.

One of the standout features of the FortiGate 800 and 800F series is their robust threat intelligence capabilities. Powered by FortiGuard Labs, these firewalls provide real-time threat intelligence that enables proactive threat mitigation and incident response. This not only helps to defend against known threats but also enhances the firewall’s ability to identify emerging threats, ensuring comprehensive protection.

The series boasts impressive performance metrics. The FortiGate 800F can process up to 20 Gbps of firewall throughput and 1.5 million concurrent sessions, making it a suitable choice for high-performance environments. Additionally, the built-in SSL inspection capabilities allow organizations to decrypt and inspect encrypted traffic, which is crucial for detecting hidden threats.

The FortiGate 800 and 800F also feature advanced security technologies, including Intrusion Prevention System (IPS), antivirus, web filtering, and application control, all managed through a unified interface. This centralization simplifies management and reduces administrative overhead, allowing IT teams to focus on strategic initiatives.

Another significant characteristic of the FortiGate 800F is its energy efficiency. The design includes hardware optimizations that not only enhance performance but also reduce power consumption, aligning with the growing emphasis on sustainability practices.

In summary, the Fortinet FortiGate 800 and 800F series are comprehensive network security solutions that leverage advanced technologies to provide organizations with the security, performance, and flexibility necessary in today's threat landscape. With their robust threat intelligence and high throughput capabilities, these firewalls are well-suited for enterprises looking to fortify their defenses against an ever-evolving array of cyber threats.