Fortinet 3016B manual Antivirus options, Configuring firewall policies

Page 35

 

 

Advanced configuration

Antivirus options

Configuring firewall policies

To add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy, or select Create New to add a policy.

The source and destination Interface/Zone match the firewall policy with the source and destination of a communication session. The Address Name matches the source and destination address of the communication session.

Schedule defines when the firewall policy is enabled. While most policies are always on, you can configure a firewall policy so that it is only on at specific times of the day. For example, you may want to block news and entertainment sites most of the day, except during lunch or after work, enabling your employees to only view those sites during non-working times.

Service matches the firewall policy with the service used by a communication session. This enables you to configure a policy for general web surfing and a different policy specifically for other traffic such as SMTP mail or FTP uploads and downloads.

Action defines how the FortiGate unit processes traffic. Specify an action to accept or deny traffic or configure a firewall encryption policy.

Add ACCEPT policies that accept communication sessions. Using an accept policy, you can apply FortiGate features such as virus scanning and authentication to the communication session accepted by the policy.

Add DENY policies to deny communication sessions.

Add IPSec encryption policies to enable IPSec tunnel mode VPN traffic and SSL VPN encryption policies to enable SSL VPN traffic. Firewall encryption policies determine which types of IP traffic will be permitted during an IPSec or SSL VPN session.

Select Protection Profile to include apply a protection profile to the firewall policy for scanning of traffic passing through the FortiGate unit.

For details on the firewall policies features and settings, see the FortiGate Administration Guide or the FortiGate Online Help.

Antivirus options

The FortiGate unit’s antivirus configuration prevents malicious files from entering and infecting your network environment.

The FortiGate unit uses a number of processes to scan files to ensure unwanted files and potential attackers do not get through. The FortiGate unit scans using these antivirus options:

File pattern - The FortiGate will check the file against the file pattern setting you have configured. You can set which file names or file types the FortiGate unit looks for in the incoming traffic.

Virus scan - The virus definitions are kept up to date through the FortiNet Distribution Network. The list is updated on a regular basis so you do not have to wait for a firmware upgrade. Note that you must register the FortiGate unit to and purchase FortiGuard services to use virus scanning through the FDN.

FortiGate-3016B FortiOS 3.0 MR6 Install Guide

 

01-30006-0458-20080318

35

Image 35
Contents Install G U I D E Regulatory compliance TrademarksContents AMC modules Advanced configurationFortiGate Firmware Using the web-based managerInstalling firmware from a system reboot using the CLI Testing new firmware before installingPage Register your FortiGate unit IntroductionDocument conventions About the FortiGate-3016BAbout this document Typographic conventions Further ReadingComments on Fortinet technical documentation Customer service and technical supportFortinet Knowledge Center Environmental specifications InstallingMounting GroundingRack mount instructions Installed mounting brackets To install the FortiGate unit into a rackPlugging in the FortiGate To power on the FortiGate unitTurning off the FortiGate unit Connecting to the networkTo power off the FortiGate unit Turning off the FortiGate unit NAT mode ConfiguringNAT vs. Transparent mode To connect to the web-based manager Connecting to the FortiGate unitTransparent mode Connecting to the web-based managerTo connect to the CLI Connecting to the CLITo configure interfaces Go to System Network Interface Configuring NAT modeUsing the web-based manager Configure the interfacesAdding a default route and gateway Configure a DNS serverAdding firewall policies To modify the default gateway Go to Router StaticTo set an interface to use Dhcp addressing Using the CLITo set an interface to use a static address To set an interface to use PPPoE addressing To configure DNS server settingsTo add an outgoing traffic firewall policy Configuring Transparent modeTo modify the default gateway To switch to Transparent mode Go to System Status Switching to Transparent modeTo switch to Transparent mode To configure DNS server settings Backing up the configuration Verify the configurationSet the time and date Restoring a configurationAdditional configuration Set the Administrator passwordUpdating antivirus and IPS signatures Configure FortiGuardAdditional configuration Protection profiles Advanced configurationFirewall policies Firewall policiesAntivirus options Configuring firewall policiesAntiSpam options Web filtering Logging AMC modules Installing AMC filler unitsInstalling modules To install the filler moduleTo insert a module into a FortiGate chassis Using the AMC modulesRemoving modules Hard disk moduleFormatting the hard disk Log configuration using the web-based managerTo format the ASM-S08 hard disk enter the following command ASM-FB4 and ADM-XB2 modules Log configuration using the CLIChanging interfaces to operate in Sgmii or SerDes mode Viewing logsAMC modules Config system interface edit AMC-SW1/1 Set speed auto End Configure the speedUpgrading the firmware Using the web-based managerFortiGate Firmware Downloading firmwareTo revert to a previous firmware version To upgrade the firmwareReverting to a previous version Using the USB Auto-Install Backup and Restore from a USB keyTo upgrade the firmware using the CLI Using the CLIExecute restore image namestr tftpipv4 To revert to a previous firmware version using the CLITo install firmware from a system reboot Installing firmware from a system reboot using the CLIEnter Tftp server address To restore configuration using the CLI Restoring the previous configurationTo backup configuration using the CLI To configure the USB Auto-Install using the CLI Testing new firmware before installingAdditional CLI Commands for a USB key To test the new firmware image FortiGate Firmware Testing new firmware before installing Index Web filtering 37 web-based manager Page Page
Related manuals
Manual 2 pages 28.98 Kb

3016B specifications

The Fortinet 3016B is a robust firewall solution designed to meet the dynamic security needs of modern enterprises. As part of the FortiGate product line, the 3016B combines advanced security features with high performance, catering to organizations that require reliability and efficiency in managing their network security.

One of the primary features of the Fortinet 3016B is its high throughput capabilities. It supports up to 40 Gbps of firewall throughput and an impressive 7.5 Gbps of intrusion prevention system (IPS) throughput. This ensures that even at peak network loads, the firewall can maintain strong performance without compromising security. This feature is particularly important for businesses that handle large volumes of data and require seamless connectivity for their operational efficiency.

The 3016B leverages Fortinet's proprietary FortiOS operating system, which is known for its user-friendly interface and comprehensive security functionalities. FortiOS includes a variety of tools such as a next-generation firewall (NGFW), antivirus protection, web filtering, and application control, all incorporated into a single platform. This consolidation helps in simplifying management while providing extensive security coverage against a wide array of cyber threats.

Moreover, the Fortinet 3016B incorporates advanced threat intelligence capabilities powered by FortiGuard Labs. This allows the firewall to stay updated with real-time threat feeds, enabling the organization to respond proactively to emerging threats and vulnerabilities. The integration of AI-driven analytics enhances anomaly detection and helps in identifying potential breaches before they can escalate.

Another notable characteristic of the 3016B is its scalability. Designed for medium to large enterprises, it can easily integrate into existing infrastructure and scale as business needs grow. With support for multiple virtual domains (VDOMs), organizations can create isolated environments for different departments or functions, maintaining policy separations while optimizing resource utilization.

In terms of connectivity, the Fortinet 3016B offers various interfaces, including multiple 1G and 10G Ethernet ports, ensuring flexible deployment options. The device also supports high availability (HA) configurations, which provide redundancy and minimize downtime.

Overall, the Fortinet 3016B is an exceptional solution that combines superior security features with high performance and scalability, making it a prime choice for organizations looking to strengthen their network security posture without sacrificing efficiency. With its comprehensive capabilities, it empowers businesses to tackle today’s cybersecurity challenges effectively.