Profile CLI configurationFirewall

firewall profile command keywords and variables

Keywords and

Description

Default

Availability

variables

 

 

 

ftp

Select the actions that this profile will

splice

All models.

{block

use for filtering FTP traffic for a policy.

 

 

content-archive

• Enter splice to enable the

 

 

no-content-summary

FortiGate unit to simultaneously

 

 

buffer a file for scanning and upload

 

 

oversize

the file to an FTP server. If a virus is

 

 

quarantine scan

detected, the FortiGate unit stops the

 

 

splice}

upload and attempts to delete the

 

 

 

partially uploaded file from the FTP

 

 

 

server. To delete the file successfully,

 

 

 

the server permissions must be set

 

 

 

to allow deletes. When downloading

 

 

 

files from an FTP server the

 

 

 

FortiGate unit sends 1 byte every 30

 

 

 

seconds to prevent the client from

 

 

 

timing out during scanning and

 

 

 

download. If a virus is detected, the

 

 

 

FortiGate unit stops the download.

 

 

 

The user must then delete the

 

 

 

partially downloaded file. There

 

 

 

should not be enough content in the

 

 

 

file to cause any harm. Enabling

 

 

 

splice reduces timeouts when

 

 

 

uploading and downloading large

 

 

 

files. When splice is disabled for ftp,

 

 

 

the FortiGate unit buffers the file for

 

 

 

scanning before uploading it to the

 

 

 

FTP server. If the file is clean, the

 

 

 

FortiGate unit will allow the upload to

 

 

 

continue.

 

 

 

Enter all the actions you want this

 

 

 

profile to use. Use a space to separate

 

 

 

the options you enter. If you want to

 

 

 

remove an option from the list or add

 

 

 

an option to the list, you must retype

 

 

 

the list with the option removed or

 

 

 

added.

 

 

http

Select the actions that this profile will

No default.

All models.

{bannedword block

use for filtering HTTP traffic for a

 

 

catblock

policy.

 

 

• Enter chunkedbypass to allow web

 

 

chunkedbypass

 

 

sites that use chunked encoding for

 

 

content-archive

HTTP to bypass the firewall.

 

 

no-content-summary

Chunked encoding means the HTTP

 

 

oversize

message body is altered to allow it to

 

 

quarantine

be transferred in a series of chunks.

 

 

Use this feature at your own risk.

 

 

rangeblock scan

Malicious content could enter your

 

 

scriptfilter

network if you allow web content to

 

 

urlblock

bypass the firewall.

 

 

urlexempt}

Enter all the actions you want this

 

 

 

profile to use. Use a space to separate

 

 

 

the options you enter. If you want to

 

 

 

remove an option from the list or add

 

 

 

an option to the list, you must retype

 

 

 

the list with the option removed or

 

 

 

added.

 

 

230

01-28007-0068-20041203

Fortinet Inc.

Page 230
Image 230
Fortinet 100A manual Firewall profile command keywords and variables, 230

100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.