Factory defaults

Table 10: Factory default firewall configuration

| Configuration setting | Name | Description |
|---|---|---|
| Firewall policy | Internal -> External | Source: All Destination: All |
| Firewall address | All | Firewall address matches the source or destination address of any packet. |
| Pre-defined service | More than 50 predefined services | Select from any of the 50 pre-defined services to control traffic through the FortiGate unit that uses that service. |
| Recurring schedule | Always | The recurring schedule is valid at any time. |
| Protection Profiles | Strict, Scan, Web, Unfiltered | Control how the FortiGate unit applies virus scanning, web content filtering, spam filtering, and IPS. |

The factory default firewall configuration is the same in NAT/Route mode and Transparent mode.

Factory default protection profiles

Use protection profiles to apply different protection settings for traffic controlled by firewall policies. You can use protection profiles to:

- configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP firewall policies
- configure Web filtering for HTTP firewall policies
- configure Web category filtering for HTTP firewall policies
- configure spam filtering for IMAP, POP3, and SMTP firewall policies
- enable the Intrusion Protection System (IPS) for all services
- enable content logging for HTTP, FTP, IMAP, POP3, and SMTP firewall policies

By using protection profiles, you can build protection configurations that can be applied to different types of firewall policies. This allows you to customize types and levels of protection for different firewall policies.

For example, while traffic between internal and external addresses might need strict protection, traffic between trusted internal addresses might need moderate protection. You can configure firewall policies for different traffic services to use the same or different protection profiles.

You can add protection profiles to NAT/Route mode and Transparent mode firewall policies. The FortiGate unit includes four protection profiles.

Strict

To apply maximum protection to HTTP, FTP, IMAP, POP3, and SMTP traffic. You may not use the strict protection profile under normal circumstances but it is available if you have problems with viruses and require maximum screening.

Scan

To apply antivirus scanning and file quarantining to HTTP, FTP, IMAP, POP3, and SMTP content traffic.

Web

To apply antivirus scanning and web content blocking to HTTP content traffic. You can add this protection profile to firewall policies that control HTTP traffic.

Unfiltered

To apply no scanning, blocking or IPS. Use if you do not want to apply content protection to content traffic. You can add this protection profile to firewall policies for connections between highly trusted or highly secure networks where content does not need to be protected.
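
The following added example (not part of the install guide and not Fortinet code) audits a policy list against the four profile descriptions above: it flags Unfiltered on a policy that touches an untrusted interface, and a profile whose described coverage does not include the content protocol the policy carries. The record layout, the field names, the "ANY" service value, and the trusted interface set are assumptions made for illustration.

```python
# Added example. Policy records are constructed; field names are hypothetical
# and are not FortiOS CLI syntax. "ANY" stands for "all services" (assumption).
CONTENT_PROTOCOLS = {"HTTP", "FTP", "IMAP", "POP3", "SMTP"}

# Content protocols each factory default profile covers, per the descriptions above.
PROFILE_SCOPE = {
    "Strict": CONTENT_PROTOCOLS,
    "Scan": CONTENT_PROTOCOLS,
    "Web": {"HTTP"},
    "Unfiltered": set(),
}

def audit_policy(policy, trusted):
    """Return findings for one policy; `trusted` is the set of trusted interfaces."""
    profile = policy.get("profile")
    if profile is None:
        return ["no protection profile selected"]
    if profile not in PROFILE_SCOPE:
        return [f"profile {profile!r} is not a factory default; review manually"]
    if profile == "Unfiltered":
        untrusted = sorted({policy["src"], policy["dst"]} - trusted)
        if untrusted:
            return ["Unfiltered on untrusted interface(s): " + ", ".join(untrusted)]
        return []
    service = policy["service"].upper()
    carried = CONTENT_PROTOCOLS if service == "ANY" else {service} & CONTENT_PROTOCOLS
    uncovered = sorted(carried - PROFILE_SCOPE[profile])
    if uncovered:
        return [f"{profile} does not cover: " + ", ".join(uncovered)]
    return []

def audit(policies, trusted):
    """Map policy id -> findings, keeping only policies that have findings."""
    report = {}
    for p in policies:
        findings = audit_policy(p, trusted)
        if findings:
            report[p["id"]] = findings
    return report

SAMPLE_POLICIES = [  # constructed sample data
    {"id": 1, "src": "internal", "dst": "external", "service": "ANY", "profile": "Unfiltered"},
    {"id": 2, "src": "internal", "dst": "external", "service": "HTTP", "profile": "Web"},
    {"id": 3, "src": "external", "dst": "internal", "service": "SMTP", "profile": "Web"},
    {"id": 4, "src": "internal", "dst": "lan2", "service": "ANY", "profile": "Unfiltered"},
]

if __name__ == "__main__":
    for pid, findings in audit(SAMPLE_POLICIES, {"internal", "lan2"}).items():
        print(pid, findings)
```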

FortiGate-50A/50B, FortiWiFi-50B and FortiGate-100 FortiOS 3.0 MR4 Install Guide

01-30004-0265-20070831
