Firewall configuration | Content profiles |
|
|
Content profiles
Use content profiles to apply different protection settings for content traffic controlled by firewall policies. You can use content profiles to:
•Configure antivirus protection for HTTP, FTP, POP3, SMTP, and IMAP policies
•Configure web filtering for HTTP policies
•Configure email filtering for IMAP and POP3 policies
•Configure oversized file and email blocking for HTTP, FTP, POP3, SMTP, and IMAP policies
•Passing fragmented email for POP3, SMTP, and IMAP policies
Using content profiles you can build up protection configurations that can be easily applied to different types of Firewall policies. This allows you to customize different types and different levels of protection for different firewall policies.
For example, while traffic between internal and external addresses might need strict protection, traffic between trusted internal addresses might need moderate protection. You can configure policies for different traffic services to use the same or different content profiles.
Content profiles can be added to NAT/Route mode and Transparent mode policies.
•Default content profiles
•Adding a content profile
•Adding a content profile to a policy
Default content profiles
The FortiGate unit has the following four default content profiles under Firewall >
Content Profile. You can use these existing content profiles or create your own:
Strict | To apply maximum content protection to HTTP, FTP, IMAP, POP3, and |
| SMTP content traffic. You would not use the strict content profile under |
| normal circumstances, but it is available if you are having extreme problems |
| with viruses and require maximum content screening protection. |
Scan | Apply antivirus scanning to HTTP, FTP, IMAP, POP3, and SMTP content |
| traffic. Quarantine is also selected for all content services. On FortiGate |
| models with a hard drive, if antivirus scanning finds a virus in a file, the file is |
| quarantined on the FortiGate hard disk. If required, system administrators |
| can recover quarantined files. |
Web | Apply antivirus scanning and Web content blocking to HTTP content traffic. |
| You can add this content profile to firewall policies that control HTTP traffic. |
Unfiltered | Use the unfiltered content profile if you do not want to apply any content |
| protection to content traffic. You can add this content profile to firewall |
| policies for connections between highly trusted or highly secure networks |
| where content does not need to be protected. |
Adding a content profile
If the default content profiles do not provide the protection that you require, you can create new content profiles customized to your requirements.
1Go to Firewall > Content Profile.
2Select New.
197 |
