Antivirus protection

Blocking files in firewall traffic

 

 

File blocking

Enable file blocking to remove all files that pose a potential threat and to provide the best protection from active computer virus attacks. Blocking files is the only protection available from a virus that is so new that antivirus scanning cannot detect it. You would not normally run the FortiGate unit with blocking enabled. However, it is available for extremely high-risk situations in which there is no other way to prevent viruses from entering your network.

File blocking deletes all files that match a list of enabled file patterns. The FortiGate unit replaces the file with an alert message that is forwarded to the user. The FortiGate unit also writes a message to the virus log and sends an alert email if it is configured to do so.

Note: If both blocking and scanning are enabled, the FortiGate unit blocks files that match enabled file patterns and does not scan these files for viruses.

By default, when blocking is enabled, the FortiGate unit blocks the following file patterns:

executable files (*.bat, *.com, and *.exe)

compressed or archive files (*.gz, *.rar, *.tar, *.tgz, and *.zip)

dynamic link libraries (*.dll)

HTML application (*.hta)

Microsoft Office files (*.doc, *.ppt, *.xl?)

Microsoft Works files (*.wps)

Visual Basic files (*.vb?)

screen saver files (*.scr)

Blocking files in firewall traffic

Use content profiles to apply file blocking to HTTP, FTP, POP3, IMAP, and SMTP traffic controlled by firewall policies.

1Select file blocking in a content profile.

See “Adding a content profile” on page 170.

2Add this content profile to firewall policies to apply content blocking to the traffic controlled by the firewall policy.

See “Adding a content profile to a policy” on page 171.

Adding file patterns to block

1Go to Anti-Virus > File Block.

2Select New.

3Type the new pattern in the File Pattern field.

You can use an asterisk (*) to represent any characters and a question mark (?) to represent any single character. For example, *.dot blocks Microsoft Word template files and *.do? blocks both Microsoft Word template files and document files.

4Select the check box beside the traffic protocols for which you want to enable blocking of this file pattern.

5Select OK.

FortiGate-100 Installation and Configuration Guide

233

Page 232 Page 234
Page 233
Image 233
Fortinet 100 user manual File blocking, Blocking files in firewall traffic, Adding file patterns to block, 233
Page 232 Page 234
Top Page Image Contents