Fortinet 400 36 , Factory default content profiles

36 Fortinet Inc.

Factory default FortiGate configuration settings Getting started

Factory default content profiles

You can use content profiles to apply different protection settings for content traffic

controlled by firewall policies. You can use content profiles for:

• Antivirus protection of HTTP, FTP, IMAP, POP3, and SMTP network traffic

• Web content filtering for HTTP network traffic

• Email filtering for IMAP and POP3 network traffic

• Oversized file and email blocking for HTTP, FTP, POP3, SMTP, and IMAP network

traffic

• Passing fragmented emails in IMAP, POP3, and SMTP email traffic

Using content profiles you can build up protection configurations that can be easily

applied to different types of Firewall policies. This allows you to customize different

types and different levels of protection for different firewall policies.

For example, while traffic between internal and external addresses might need strict

protection, traffic between trusted internal addresses might need moderate protection.

You can configure policies for different traffic services to use the same or different

content profiles.

Content profiles can be added to NAT/Route mode and Transparent mode policies.

Action ACCEPT The policy action. ACCEPT means that the policy

allows connections.

; NAT NAT is selected for the NAT/Route mode default

policy so that the policy applies network address

translation to the traffic processed by the policy.

NAT is not available for Transparent mode policies.

 Traffic Shaping Traffic shaping is not selected. The policy does not

apply traffic shaping to the traffic controlled by the

policy. You can select this option to control the

maximum or minimum amount of bandwidth

available to traffic processed by the policy.

 Authentication Authentication is not selected. Users do not have to

authenticate with the firewall before connecting to

their destination address. You can configure user

groups and select this option to require users to

authenticate with the firewall before they can

connect through the firewall.

 Antivirus & Web Filter Antivirus & Web Filter is not selected. This policy

does not include a content profile that applies

antivirus protection, web content filtering, or email

filtering to content traffic processed by this policy.

You can select this option and select a content

profile to apply different levels of content protection

to traffic processed by this policy.

 Log Traffic Log Traffic is not selected. This policy does not

record messages to the traffic log for the traffic

processed by this policy. You can configure

FortiGate logging and select Log Traffic to record all

connections through the firewall that are accepted

by this policy.

Table 4: Factory default firewall configuration (Continued)