Advanced configuration Protection profiles
FortiGate-30B FortiOS 3.0 MR6 Install Guide
01-30006-0459-20080505 33
Advanced configurationThe FortiGate unit and the FortiOS operating system provide a wide range of
features that enable you to control network and internet traffic and protect your
network. This chapter describes some of these options and how to configure
them.
This chapter includes
•Protection profiles
•Firewall policies
•Antivirus options
•AntiSpam options
•Web filtering
•Logging
Protection profiles
A protection profile is a group of settings you can adjust to suit your requirements
for network protection. Since protection profiles apply different protection settings
to traffic controlled by firewall policies, you can tailor the settings to the type of
traffic each policy handles.
Use protection profiles to configure:
• antivirus protection
• web filtering
• web category filtering
• spam filtering
• content archiving
• instant messaging filtering and access control
• P2P access and bandwidth control
• logging options for policies and configurations within the policies
• rate limiting for VoIP protocols.
Using protection profiles, you can customize types and levels of protection for
different firewall policies.
For example, while traffic between internal and external addresses might need
strict protection, traffic between trusted internal addresses might need moderate
protection. You can configure policies for different traffic services to use the same
or different protection profiles.
The FortiGate unit is preconfigured with four default protection profiles. In many
cases you can use these default protection profiles, or use them as a starting
point in creating your own.
Table 1: Default protection profiles
Strict Applies maximum protection to HTTP, FTP, IMAP, POP3, and SMTP traffic.
The strict protection profile may not be useful under normal circumstances but
it is available when maximum protection is required.
Scan Apply virus scanning to HTTP, FTP, IMAP, POP3, and SMTP traffic.