Advanced configuration

Antivirus options

Configuring firewall policies

To add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy, or select Create New to add a policy.

The source and destination Interface/Zone match the firewall policy with the source and destination of a communication session. The Address Name matches the source and destination address of the communication session.

Schedule defines when the firewall policy is enabled. While most policies are always on, you can configure a firewall policy so that it is only on at specific times of the day. For example, you may want to block news and entertainment sites most of the day, except during lunch or after work, enabling your employees to only view those sites during non-working times.

Service matches the firewall policy with the service used by a communication session. This enables you to configure a policy for general web surfing and a different policy specifically for other traffic such as SMTP mail or FTP uploads and downloads.

Action defines how the FortiGate unit processes traffic. Specify an action to accept or deny traffic or configure a firewall encryption policy.

Add ACCEPT policies that accept communication sessions. Using an accept policy, you can apply FortiGate features such as virus scanning and authentication to the communication session accepted by the policy.

Add DENY policies to deny communication sessions.

Add IPSec encryption policies to enable IPSec tunnel mode VPN traffic and SSL VPN encryption policies to enable SSL VPN traffic. Firewall encryption policies determine which types of IP traffic will be permitted during an IPSec or SSL VPN session.

Select Protection Profile to include apply a protection profile to the firewall policy for scanning of traffic passing through the FortiGate unit.

For details on the firewall policies features and settings, see the FortiGate Administration Guide or the FortiGate Online Help.

Antivirus options

The FortiGate unit’s antivirus configuration prevents malicious files from entering and infecting your network environment.

The FortiGate unit uses a number of processes to scan files to ensure unwanted files and potential attackers do not get through. The FortiGate unit scans using these antivirus options:

File pattern - The FortiGate will check the file against the file pattern setting you have configured. You can set which file names or file types the FortiGate unit looks for in the incoming traffic.

Virus scan - The virus definitions are kept up to date through the FortiNet Distribution Network. The list is updated on a regular basis so you do not have to wait for a firmware upgrade. Note that you must register the FortiGate unit to and purchase FortiGuard services to use virus scanning through the FDN.

FortiGate-30B FortiOS 3.0 MR6 Install Guide

 

01-30006-0459-20080505

35

Page 34 Page 36
Page 35
Image 35
Fortinet 30B manual Antivirus options, Configuring firewall policies
Page 34 Page 36

30B specifications

Fortinet's FortiGate 30B is a compact yet powerful security appliance designed for small to medium-sized businesses and branch offices. This next-generation firewall (NGFW) integrates various security functions, helping organizations safeguard their networks without compromising on performance or ease of use.

One of the standout features of the FortiGate 30B is its robust security capabilities. It offers firewall protection, intrusion prevention systems (IPS), antivirus, web filtering, and application control, all in one device. This consolidated approach simplifies security management, enabling companies to deploy a range of protections without the need for multiple products.

The FortiGate 30B utilizes Fortinet's proprietary FortiOS operating system, which allows for centralized management and visibility into network traffic. With features like FortiView, administrators can gain insights into application usage, user activities, and security events, helping them make informed decisions to enhance their security posture.

Performance is another critical aspect of the FortiGate 30B. Equipped with Fortinet's purpose-built security processing units (SPUs), the device is designed to handle high throughput while maintaining low latency. This ensures that businesses can operate smoothly without facing interruptions caused by security measures.

Additionally, the FortiGate 30B supports advanced technologies such as VPN (Virtual Private Network) for secure remote access and SD-WAN (Software-Defined Wide Area Network) capabilities. This combination enables organizations to optimize their network performance and enhance connectivity between branch offices or remote workers, making it an ideal solution for today's flexible work environments.

A highlight of the FortiGate 30B is its ease of deployment. With a user-friendly interface and guided setup wizards, even those with limited IT experience can configure the device quickly. The included FortiCloud service allows for easy management and monitoring, further simplifying the administrative overhead.

Scalability is yet another critical characteristic of the FortiGate 30B. As businesses grow, they can easily expand their security infrastructure by integrating additional Fortinet solutions into their network, maintaining a cohesive security strategy without disrupting operations.

In summary, the FortiGate 30B offers a comprehensive, high-performance security solution for small and medium-sized organizations. With its integrated features, advanced technologies, and user-friendly management capabilities, it empowers businesses to protect their networks effectively while ensuring optimal performance and scalability for future growth.
Top Page Image Contents