Getting started

Factory default protection profiles

 

 

Factory default protection profiles

Use protection profiles to apply different protection settings for traffic that is controlled by firewall policies. You can use protection profiles to:

Configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP firewall policies

Configure Web filtering for HTTP firewall policies

Configure Web category filtering for HTTP firewall policies

Configure spam filtering for IMAP, POP3, and SMTP firewall policies

Enable the Intrusion Protection System (IPS) for all services

Enable content logging for HTTP, FTP, IMAP, POP3, and SMTP firewall policies

Using protection profiles, you can build protection configurations that can be applied to different types of firewall policies. This allows you to customize types and levels of protection for different firewall policies.

For example, while traffic between internal and external addresses might need strict protection, traffic between trusted internal addresses might need moderate protection. You can configure firewall policies for different traffic services to use the same or different protection profiles.

Protection profiles can be added to NAT/Route mode and Transparent mode firewall policies.

The FortiGate unit comes preconfigured with four protection profiles.

Strict

To apply maximum protection to HTTP, FTP, IMAP, POP3, and SMTP traffic.

 

You may not use the strict protection profile under normal circumstances but

 

it is available if you have problems with viruses and require maximum

 

screening.

Scan

To apply antivirus scanning to HTTP, FTP, IMAP, POP3, and SMTP content

 

traffic. Quarantine is also selected for all content services. On FortiGate

 

models with a hard drive, if antivirus scanning finds a virus in a file, the file is

 

quarantined on the FortiGate local disk. If required, system administrators

 

can recover quarantined files.

Web

To apply antivirus scanning and web content blocking to HTTP content

 

traffic. You can add this protection profile to firewall policies that control

 

HTTP traffic.

Unfiltered

To apply no scanning, blocking or IPS. Use if you do not want to apply

 

content protection to content traffic. You can add this protection profile to

 

firewall policies for connections between highly trusted or highly secure

 

networks where content does not need to be protected.

FortiGate-500A Installation Guide

01-28005-0101-20041015

19

Page 18 Page 20
Page 19
Image 19
Fortinet Network Router, FORTIGATE, 500A, 127 manual Factory default protection profiles, Strict, Scan, Web, Unfiltered
Page 18 Page 20

500A, Network Router, 127, FORTIGATE specifications

Fortinet FortiGate 127 is an advanced network security appliance designed to deliver comprehensive protection to organizations while ensuring seamless network performance. As a part of Fortinet's leading next-generation firewall (NGFW) offerings, the FortiGate 127 integrates various essential features and technologies that are critical for modern network security.

One of the standout features of the FortiGate 127 is its ability to perform deep packet inspection. This technology enables the device to analyze and filter network traffic, identifying and mitigating threats such as malware, viruses, and intrusions in real-time. With a robust Threat Intelligence system, FortiGate utilizes FortiGuard Labs to provide continuous updates on emerging threats, equipping organizations with the necessary defense against sophisticated cyberattacks.

Another key technology included in the FortiGate 127 is integrated secure SD-WAN functionality. This feature allows organizations to optimize their wide-area network (WAN) connections, enhancing performance and reducing costs through intelligent traffic routing and real-time application visibility. By leveraging software-defined capabilities, businesses can ensure efficient use of their bandwidth, prioritize critical applications, and maintain high levels of uptime.

The FortiGate 127 also excels in providing advanced VPN support. With multiple VPN protocols such as IPsec and SSL, users can establish secure remote connections, facilitating safe access to corporate resources from anywhere. This is particularly important in today's remote work environment, where secure connectivity is essential for maintaining productivity while protecting sensitive data.

In terms of performance, the FortiGate 127 is equipped with high throughput capabilities, ensuring it can handle extensive network traffic without compromising speed or efficiency. Its multi-core architecture allows for parallel processing, which enhances overall performance and responsiveness.

Additionally, the device features an intuitive and user-friendly interface, enabling IT teams to easily manage and configure network policies. With centralized management options, administrators can efficiently oversee multiple FortiGate devices within their network, ensuring optimal visibility and control.

Overall, the Fortinet FortiGate 127 Network Router is a powerful solution for organizations seeking to bolster their security posture. With its combination of deep packet inspection, integrated SD-WAN functionality, advanced VPN support, and high-performance capabilities, it stands out as a vital asset in the modern cybersecurity landscape. It is an ideal choice for businesses aiming to protect their networks from the ever-evolving threat landscape while maintaining operational efficiency.
Top Page Image Contents