Manuals / Fortinet / Computer Equipment / Network Card

Fortinet 110C Advanced configuration, Protection profiles, AntiSpam options Web filtering Logging

Models: 110C

1 56

Download 56 pages 17.98 Kb

Page 33

Advanced configuration


Advanced configuration	Protection profiles

Advanced configuration

The FortiGate unit and the FortiOS operating system provide a wide range of features that enable you to control network and internet traffic and protect your network. This chapter describes some of these options and how to configure them.

This chapter includes

•Protection profiles

•Firewall policies

•Antivirus options

•AntiSpam options

•Web filtering

•Logging

Protection profiles

A protection profile is a group of settings you can adjust to suit your requirements for network protection. Since protection profiles apply different protection settings to traffic controlled by firewall policies, you can tailor the settings to the type of traffic each policy handles.

Use protection profiles to configure:

•antivirus protection

•web filtering

•web category filtering

•spam filtering

•content archiving

•instant messaging filtering and access control

•P2P access and bandwidth control

•logging options for policies and configurations within the policies

•rate limiting for VoIP protocols.

Using protection profiles, you can customize types and levels of protection for different firewall policies.

For example, while traffic between internal and external addresses might need strict protection, traffic between trusted internal addresses might need moderate protection. You can configure policies for different traffic services to use the same or different protection profiles.

The FortiGate unit is preconfigured with four default protection profiles. In many cases you can use these default protection profiles, or use them as a starting point in creating your own.

Table 1: Default protection profiles

Strict Applies maximum protection to HTTP, FTP, IMAP, POP3, and SMTP traffic. The strict protection profile may not be useful under normal circumstances but it is available when maximum protection is required.

Scan Apply virus scanning to HTTP, FTP, IMAP, POP3, and SMTP traffic.

FortiGate-110C FortiOS 3.0 MR6 Install Guide
01-30006-0481-20080728	31

Image 33

Fortinet 110C manual Advanced configuration, Protection profiles Firewall policies Antivirus options

Contents

FortiGate-110C FortiOS 3.0 MR6 I N S T A L L G U I D EFortiGate-110C Install Guide TrademarksRegulatory compliance Contents ContentsInstalling ConfiguringConfiguring Transparent mode Advanced configurationVerify the configuration Backing up the configurationTesting new firmware before installing Installing firmware from a system reboot using the CLIIndex ContentsContents FortiGate-110C FortiOS 3.0 MR6 Install Guide01-30006-0481-20080728 Register your FortiGate unit IntroductionAbout the FortiGate-110C About this documentDocument conventions Further Reading FortiGate Administration GuideTypographic conventions FortiGate QuickStart GuideFortinet Knowledge Center Customer service and technical supportComments on Fortinet technical documentation FortiGate IPS User GuideEnvironmental specifications InstallingEnvironmental specifications Cautions and warnings Plugging in the FortiGate Plugging in the FortiGateGrounding Cautions and warningsRack mount instructions MountingTo install the FortiGate unit into a rack Connecting to the network To power on the FortiGate unitPlugging in the FortiGate Turning off the FortiGate unit To power off the FortiGate unitInstalling FortiGate-110C FortiOS 3.0 MR6 Install GuideTurning off the FortiGate unit 01-30006-0481-20080728NAT vs. Transparent mode ConfiguringNAT mode NAT vs. Transparent mode Connecting to the FortiGate unitTransparent mode Connecting to the FortiGate unitConnecting to the web-based manager To connect to the web-based managerTo connect to the CLI Connecting to the CLIUsing the web-based manager Configuring NAT modeConfigure the interfaces To configure interfaces 1 Go to System Network InterfaceConfigure a DNS server Adding a default route and gatewayTo configure DNS server settings 1 Go to System Network Options Adding firewall policies To modify the default gateway 1 Go to Router StaticTo add an outgoing traffic firewall policy 1 Go to Firewall Policy To add an incoming traffic firewall policy 1 Go to Firewall PolicyFor details, see the FortiGate Administration Guide Using the CLITo set an interface to use a static address To set an interface to use DHCP addressingset username namestr set password psswrd set ipunnumbered ipaddress config system interface edit external set mode pppoeset defaultgw enable disable set dns-server-override enable disable To configure DNS server settingsTo modify the default gateway Configuring Transparent modeTo add an outgoing traffic firewall policy Adding firewall policiesTo switch to Transparent mode 1 Go to System Status Switching to Transparent modeUsing the web-based manager Configure a DNS serverUsing the CLI To switch to Transparent modeSwitching to Transparent mode To add an outgoing traffic firewall policy 1 Go to Firewall PolicyTo configure DNS server settings Configure a DNS serverAdding firewall policies To add an outgoing traffic firewall policyBacking up the configuration Verify the configurationTo back up the FortiGate configuration 1 Go to System Maintenance Backup & RestoreAdditional configuration Restoring a configurationSet the Administrator password To restore the FortiGate configurationTo change the administrator password Configure FortiGuard1 Go to System Admin Administrators To update antivirus definitions and IPS signaturesFortiGate-110C FortiOS 3.0 MR6 Install Guide Additional configurationConfiguring 01-30006-0481-20080728Protection profiles Advanced configurationProtection profiles Firewall policies Antivirus options AntiSpam options Web filtering LoggingFirewall policies Antivirus options Configuring firewall policiesAntiSpam options Web filtering Logging Installing firmware from a system reboot using the CLI Downloading firmware Using the web-based manager Using the CLITesting new firmware before installing FortiGate FirmwareTo upgrade the firmware Using the web-based manager4 Under System Information Firmware Version, select Update Upgrading the firmwareUsing the USB Auto-Install Backup and Restore from a USB keyTo backup configuration 1 Go to System Maintenance Backup and RestoreTo configure the USB Auto-Install Using the CLITo upgrade the firmware using the CLI 1 Go to System Maintenance Backup and Restoreexecute restore image image.out execute restore image namestr tftpip4execute update-now To revert to a previous firmware version using the CLIWhere namestr the IP address of the imagev28.out and Installing firmware from a system reboot using the CLIInstalling firmware from a system reboot using the CLI To install firmware from a system rebootconfig system interface edit interface set ip addressip4mask Restoring the previous configurationset allowaccess pinghttpssshtelnethttp end To backup configuration using the CLITo restore configuration using the CLI Additional CLI Commands for a USB keyTo configure the USB Auto-Install using the CLI Using the USB Auto-InstallTo test the new firmware image Testing new firmware before installingTesting new firmware before installing FortiGate-110C FortiOS 3.0 MR6 Install Guide Testing new firmware before installing01-30006-0481-20080728 FortiGate FirmwareIndex FortiGate-110C FortiOS 3.0 MR6 Install Guide Index01-30006-0481-20080728 FortiGate-110C FortiOS 3.0 MR6 Install Guide Index01-30006-0481-20080728 FortiGate-110C FortiOS 3.0 MR6 Install Guide Index01-30006-0481-20080728