Firewall configuration | Content profiles |
|
|
Default content profiles
The FortiGate unit has the following four default content profiles that are displayed on the Firewall Content Profile page. You can use the default content profiles or create your own.
Strict | To apply maximum content protection to HTTP, FTP, IMAP, POP3, and |
| SMTP content traffic. You would not use the strict content profile under |
| normal circumstances but it is available if you have extreme problems with |
| viruses and require maximum content screening protection. |
Scan | To apply antivirus scanning to HTTP, FTP, IMAP, POP3, and SMTP content |
| traffic. Quarantine is also selected for all content services. On FortiGate |
| models with a hard disk, if antivirus scanning finds a virus in a file, the file is |
| quarantined on the FortiGate hard disk. If required, system administrators |
| can recover quarantined files. |
Web | To apply antivirus scanning and web content blocking to HTTP content |
| traffic. You can add this content profile to firewall policies that control HTTP |
| traffic. |
Unfiltered | Use if you do not want to apply content protection to content traffic. You can |
| add this content profile to firewall policies for connections between highly |
| trusted or highly secure networks where content does not need to be |
| protected. |
Adding content profiles
If the default content profiles do not provide the protection that you require, you can create custom content profiles.
To add a content profile
1Go to Firewall > Content Profile.
2Select New.
3Type a Profile Name.
4Enable the antivirus protection options that you want.
Anti Virus Scan | Scan web, FTP, and email traffic for viruses and worms. See “Antivirus |
| scanning” on page 280. |
File Block | Delete files with blocked file patterns even if they do not contain |
| viruses. Enable file blocking when a virus has been found that is so |
| new that virus scanning does not detect it. See “File blocking” on |
| page 281. |
Quarantine | Quarantine blocked and infected files according to the quarantine |
| configuration. |
Note: If both Anti Virus Scan and File Block are enabled, the FortiGate unit blocks files that match enabled file patterns before they are scanned for viruses.
5Enable the web filtering options that you want.
Web URL Block Block unwanted web pages and web sites. This option adds
FortiGate Web URL blocking (see “Configuring FortiGate Web URL blocking” on page 293), FortiGate Web Pattern blocking (see “Configuring FortiGate Web pattern blocking” on page 296), and Cerberian URL filtering (see “Configuring Cerberian URL filtering” on page 296) to HTTP traffic accepted by a policy.
219 |
