Fortinet 5.0 Patch 6 - page 705

Contents
FortiWeb Web Application Firewall Administration Guide

Table of contents (top-level entries with surviving page numbers)
Defining your web servers & load balancers ... 248
Secure connections (SSL/TLS) ... 277
Blocking known attacks & data leaks ... 387
Advanced/optional system settings ... 519
Appendix C: Supported RFCs, W3C, & IEEE standards ... 671
Appendix D: Regular expressions ... 673

Introduction
Benefits
Architecture
Scope
What's new

Key concepts
Workflow
Sequence of scans
Solutions for specific web attacks
HTTP/HTTPS threats
DoS attacks
HTTP sessions & security
FortiWeb sessions vs. web application sessions
Sessions & FortiWeb HA
Example: Magento & FortiWeb sessions during failover
HA heartbeat & synchronization
Data that is not synchronized by HA
Configuration settings that are not synchronized by HA
How HA chooses the active appliance

How to use the web UI
System requirements
URL for access
Workflow
Permissions
Trusted hosts
Maximum concurrent administrator sessions
Global web UI & CLI settings
Buttons, menus, & the displays
Deleting entries
Renaming entries
Shutdown

How to set up your FortiWeb
Appliance vs. VMware
Registering your FortiWeb
Planning the network topology
How to choose the operation mode
Supported features in each operation mode
Matching topology with operation mode & HA mode
Topology for reverse proxy mode
Topology for either of the transparent modes
Topology for offline protection mode
Topologies for high availability (HA) clustering
Connecting to the web UI or CLI
Connecting to the web UI
Connecting to the CLI
Updating the firmware
Testing new firmware before installing it
Installing firmware
Updating firmware on an HA pair
Installing alternate firmware
Booting from the alternate partition
Changing the admin account password
Setting the system time & date
Setting the operation mode
Configuring a high availability (HA) FortiWeb cluster
Replicating the configuration without FortiWeb HA (external HA)
Configuring the network settings
Network interface or bridge?
Configuring the network interfaces
Link aggregation
Configuring a bridge (V-zone)
Adding a gateway
Configuring DNS settings
Connecting to FortiGuard services
Choosing the virus signature database & decompression buffer
Accessing FortiGuard via a web proxy
How often does Fortinet provide FortiGuard updates for FortiWeb?
Scheduling automatic signature updates
Manually initiating update requests
Uploading signature & geography-to-IP updates
Configuring basic policies
Example 1: Configuring a policy for HTTP via auto-learning
Example 2: Configuring a policy for HTTPS
Example 3: Configuring a policy for load balancing
Auto-learning
How to adapt auto-learning to dynamic URLs & unusual parameters
Configuring URL interpreters
Grouping URL interpreters
Recognizing data types
Predefined data types
Grouping predefined data types
Recognizing suspicious requests
Predefined suspicious request URLs
Configuring custom suspicious request URLs
Grouping custom suspicious request URLs
Grouping all suspicious request URLs
Configuring an auto-learning profile
Running auto-learning
Pausing auto-learning for a URL
Viewing auto-learning reports
Using the report navigation pane
Using the report display pane
Generating a profile from auto-learning data
Transitioning out of the auto-learning phase
Removing old auto-learning data
Testing your installation
Reducing false positives
Testing for vulnerabilities & exposure
Expanding the initial configuration
Switching out of offline protection mode
Backups
Restoring a previous configuration

Administrators
Configuring access profiles
Grouping remote authentication queries for administrators
Changing an administrator's password

Users
Authentication styles
Via the Authorization: header in the HTTP/HTTPS protocol
Via forms embedded in the HTML
Via a personal certificate
Offloading HTTP authentication & authorization
Configuring local end-user accounts
Configuring queries for remote end-user accounts
Configuring LDAP queries
Configuring RADIUS queries
Configuring NTLM queries
Grouping users
Applying user groups to an authorization realm
Grouping authorization rules
Single sign-on (SSO)
Example: Enforcing complex passwords

Defining your web servers & load balancers
Protected web servers vs. protected/allowed host names
Defining your protected/allowed HTTP Host: header names
Defining your web servers
Defining your web server by its IP address
Defining your web server by its DNS domain name
Configuring server up/down checks
Grouping your web servers into server farms
Routing based upon URL or Host: name
Example: Routing according to URL/path
Example: Routing according to the HTTP Host: field
Defining your proxies, clients, & X-headers
Indicating the original client's IP to back-end web servers
Indicating to back-end web servers that the client's request was HTTPS
Blocking the attacker's IP, not your load balancer
Configuring virtual servers on your FortiWeb
Defining your network services
Defining custom services
Predefined services
Enabling or disabling traffic forwarding to your servers

Secure connections (SSL/TLS)
Offloading vs. inspection
Supported cipher suites & protocol versions
Uploading trusted CAs' certificates
Grouping trusted CAs' certificates
How to offload or inspect HTTPS
Generating a certificate signing request
Uploading a server certificate
Supplementing a server certificate with its signing chain
How to apply PKI client authentication (personal certificates)
Example: Generating & downloading a personal certificate from Microsoft Windows 2003 Server
Example: Downloading the CA's certificate from Microsoft Windows 2003 Server
Uploading the CA's certificate to FortiWeb's trusted CA store
Configuring FortiWeb to validate client certificates
Revoking certificates
Revoking certificates by OCSP query
How to export/back up certificates & private keys

Access control
Restricting access to specific URLs
Grouping access rules per combination of URL & Host:
Combination access control & rate limiting
Blacklisting & whitelisting clients
Blacklisting source IPs with poor reputation
Blacklisting countries & regions
Blacklisting & whitelisting clients individually by source IP
Blacklisting content scrapers, search engines, web crawlers, & other robots

Rate limiting
DoS prevention
Configuring application-layer DoS protection
Limiting the total HTTP request rate from an IP
Limiting TCP connections per IP address by session cookie
Preventing an HTTP request flood
Configuring network-layer DoS protection
Limiting TCP connections per IP address
Preventing a TCP SYN flood
Grouping DoS protection rules
Preventing automated requests
Example: Preventing email directory harvesting
Configuring browser enforcement exceptions
Preventing brute force logins

Rewriting & redirecting
Example: HTTP-to-HTTPS redirect
Example: Full host name/URL translation
Example: Sanitizing poisoned HTML
Example: Inserting & deleting body text
Example: Rewriting URLs using regular expressions
Example: Rewriting URLs using variables
Grouping rewriting & redirection rules

Blocking known attacks & data leaks
Configuring action overrides or exceptions to data leak & attack detection signatures
Finding signatures that are disabled or Alert Only
Defining custom data leak & attack signatures
Example: ASP .Net version & other multiple server detail leaks
Example: Zero-day XSS
Example: Local file inclusion fingerprinting via Joomla
Enforcing page order that follows application logic
Specifying URLs allowed to initiate sessions
Preventing zero-day attacks
Validating parameters (input rules)
Bulk changes to input validation rules
Defining custom data types
Preventing tampering with hidden inputs
Specifying allowed HTTP methods
Configuring allowed method exceptions
HTTP/HTTPS protocol constraints
Configuring HTTP protocol constraint exceptions
Limiting file uploads

Compression & decompression
Configuring compression/decompression exemptions
Configuring compression offloading
Configuring decompression to enable scanning & rewriting

Policies
How operation mode affects server policy behavior
Configuring the global object white list
Uploading a custom error page
Configuring a protection profile for inline topologies
Configuring a protection profile for an out-of-band topology or asynchronous mode of operation
Configuring a server policy
Enabling or disabling a policy

Anti-defacement
Reverting a defaced web site

Compliance
Database security
Authorization
Preventing data leaks
Vulnerability scans
Preparing for the vulnerability scan
Live web sites
Network accessibility
Traffic load & scheduling
Scheduling web vulnerability scans
Configuring vulnerability scan settings
Running vulnerability scans
Manually starting & stopping a vulnerability scan
Viewing vulnerability scan reports
Scan report contents
Downloading vulnerability scan reports

Advanced/optional system settings
Changing the FortiWeb appliance's host name
Fail-to-wire for power loss/reboots
Advanced settings
Example: Setting a separate rate limit for shared Internet connections

Monitoring your system
The dashboard
System Information widget
FortiGuard Information widget
CLI Console widget
System Resources widget
Attack Log Console widget
Event Log Console widget
Server Status widget
Policy Sessions widget
Operation widget
RAID level & disk statuses
Logging
About logs & logging
Log types
Log severity levels
Log rate limits
Configuring logging
Enabling log types, packet payload retention, & resource shortage alerts
Configuring log destinations
Obscuring sensitive data in the logs
Configuring Syslog settings
Configuring FortiAnalyzer policies
Configuring triggers
Viewing log messages
Viewing a single log message as a table
Viewing packet payloads
Switching between Raw & Formatted log views
Displaying & arranging log columns
Filtering log messages
Downloading log messages
Deleting log files
Coalescing similar attack log messages
Searching attack logs
Alert email
Configuring email settings
Configuring alert email for event logs
SNMP traps & queries
Configuring an SNMP community
MIB support
Reports
Customizing the report's headers, footers, & logo
Restricting the report's scope
Choosing the type & format of a report profile
Scheduling reports
Selecting the report's file type & email delivery
Viewing & downloading generated reports
Data analytics
Configuring policies to gather data
Updating data analytics definitions
Viewing web site statistics
Bot analysis
Monitoring currently blocked IPs
FortiGuard updates
Vulnerability scans

Fine-tuning & best practices
Hardening security
Topology
Administrator access
User access
Signatures & patches
Buffer hardening
Enforcing valid, applicable HTTP
Sanitizing HTML application inputs
Improving performance
System performance
Antivirus performance
Regular expression performance tips
Logging performance
Report performance
Auto-learning performance
Vulnerability scan performance
Packet capture performance
Improving fault tolerance
Alerting the SNMP manager when HA switches the primary appliance
Reducing false positives
Regular backups

Troubleshooting
Tools
Ping & traceroute
Log messages
Diff
Packet capture
Diagnostic commands in the CLI
How to troubleshoot
Establishing a system baseline
Determining the source of the problem
Planning & access privileges
Solutions by issue type
Connectivity issues
Checking hardware connections
Examining the ARP table
Checking routing
Examining the routing table
Checking port assignments
Performing a packet trace
Debugging the packet processing flow
Checking the SSL/TLS handshake & encryption
Resource issues
Killing system-intensive processes
Monitoring traffic load
Preparing for attacks
Login issues
Checking user authentication policies
When an administrator account cannot log in from a specific IP
Remote authentication query failures
Resetting passwords
Data storage issues
Bootup issues
Hard disk corruption or failure
Power supply failure
Resetting the configuration
Restoring firmware (clean install)

Appendix A: Port numbers
Appendix B: Maximum configuration values
Maximum values on FortiWeb-VM
Appendix C: Supported RFCs, W3C, & IEEE standards
RFCs
W3C standards
Appendix D: Regular expressions
Regular expression syntax
What are back-references?
Cookbook regular expressions
Language support

Index (Symbols, Numerics, A to Z)