Advanced configuration

Antivirus options

Configuring firewall policies

To add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy, or select Create New to add a policy.

The source and destination Interface/Zone match the firewall policy with the source and destination of a communication session. The Address Name matches the source and destination address of the communication session.

Schedule defines when the firewall policy is enabled. While most policies are always on, you can configure a firewall policy so that it is only on at specific times of the day. For example, you may want to block news and entertainment sites most of the day, except during lunch or after work, enabling your employees to only view those sites during non-working times.

Service matches the firewall policy with the service used by a communication session. This enables you to configure a policy for general web surfing and a different policy specifically for other traffic such as SMTP mail or FTP uploads and downloads.

Action defines how the FortiGate unit processes traffic. Specify an action to accept or deny traffic or configure a firewall encryption policy.

Add ACCEPT policies that accept communication sessions. Using an accept policy, you can apply FortiGate features such as virus scanning and authentication to the communication session accepted by the policy.

Add DENY policies to deny communication sessions.

Add IPSec encryption policies to enable IPSec tunnel mode VPN traffic and SSL VPN encryption policies to enable SSL VPN traffic. Firewall encryption policies determine which types of IP traffic will be permitted during an IPSec or SSL VPN session.

Select Protection Profile to include apply a protection profile to the firewall policy for scanning of traffic passing through the FortiGate unit.

For details on the firewall policies features and settings, see the FortiGate Administration Guide or the FortiGate Online Help.

Antivirus options

The FortiGate unit’s antivirus configuration prevents malicious files from entering and infecting your network environment.

The FortiGate unit uses a number of processes to scan files to ensure unwanted files and potential attackers do not get through. The FortiGate unit scans using these antivirus options:

File pattern - The FortiGate will check the file against the file pattern setting you have configured. You can set which file names or file types the FortiGate unit looks for in the incoming traffic.

Virus scan - The virus definitions are kept up to date through the FortiNet Distribution Network. The list is updated on a regular basis so you do not have to wait for a firmware upgrade. Note that you must register the FortiGate unit to and purchase FortiGuard services to use virus scanning through the FDN.

FortiGate-110C FortiOS 3.0 MR6 Install Guide

 

01-30006-0481-20080728

33

Page 35
Image 35
Fortinet 110C manual Antivirus options, Configuring firewall policies

110C specifications

The Fortinet 110C is a robust security appliance designed to provide comprehensive protection for small to medium-sized enterprises. It offers advanced security features combined with high-performance networking capabilities, making it an ideal choice for businesses looking to safeguard their digital assets while maintaining efficient network operations.

One of the standout features of the Fortinet 110C is its FortiOS operating system, which provides a unified security platform that integrates various security functionalities. This operating system supports firewall, VPN, intrusion prevention system (IPS), antivirus, and web filtering features, all managed from a single interface. This integration simplifies security management while enhancing overall performance.

The Fortinet 110C is equipped with an impressive throughput capacity, capable of managing up to 5 Gbps of firewall traffic and 1.5 Gbps of VPN throughput. This high performance ensures that businesses experience minimal latency and interruption, even during peak usage periods. The device also supports up to 100,000 concurrent sessions, which is crucial for organizations experiencing increases in network traffic or user connections.

In terms of connectivity, the Fortinet 110C features multiple Ethernet ports, including both WAN and LAN options, allowing for flexible network setups. The appliance supports VLAN configurations, enabling businesses to segment their networks for better security and traffic management. Additionally, the Fortinet 110C offers advanced routing features such as static and dynamic routing, which further enhances its functionality.

Security is paramount, and the Fortinet 110C excels with its comprehensive threat detection and prevention capabilities. Its Intrusion Prevention System (IPS) is designed to detect and neutralize threats in real-time, ensuring that sensitive business data remains protected. Moreover, the integrated antivirus engine scans traffic for malicious content, effectively blocking threats before they reach the network.

For businesses concerned about compliance, the Fortinet 110C includes features that support various regulatory requirements, such as logging and reporting capabilities. This ensures that organizations can maintain records of their network activity and meet audit requirements.

The Fortinet 110C also supports FortiGuard services, providing continuous updates to the security landscape. This ensures that the appliance is equipped to handle emerging threats, reinforcing the organization's security posture.

In conclusion, the Fortinet 110C is a powerful network security appliance that combines advanced security features with high performance. Its integration capabilities, impressive throughput, and robust security measures make it an optimal choice for small to medium-sized businesses looking to enhance their network security while maintaining operational efficiency. With FortiOS at its core and support for a wide range of security functionalities, the 110C stands out as a reliable solution in the ever-evolving cybersecurity landscape.