Firewall configuration

Content profiles

 

 

Default content profiles

The FortiGate unit has the following four default content profiles that are displayed on the Firewall Content Profile page. You can use the default content profiles or create your own.

Strict

To apply maximum content protection to HTTP, FTP, IMAP, POP3, and

 

SMTP content traffic. You would not use the strict content profile under

 

normal circumstances but it is available if you have extreme problems with

 

viruses and require maximum content screening protection.

Scan

To apply antivirus scanning to HTTP, FTP, IMAP, POP3, and SMTP content

 

traffic. Quarantine is also selected for all content services. On FortiGate

 

models with a hard disk, if antivirus scanning finds a virus in a file, the file is

 

quarantined on the FortiGate hard disk. If required, system administrators

 

can recover quarantined files.

Web

To apply antivirus scanning and web content blocking to HTTP content

 

traffic. You can add this content profile to firewall policies that control HTTP

 

traffic.

Unfiltered

Use if you do not want to apply content protection to content traffic. You can

 

add this content profile to firewall policies for connections between highly

 

trusted or highly secure networks where content does not need to be

 

protected.

Adding content profiles

If the default content profiles do not provide the protection that you require, you can create custom content profiles.

To add a content profile

1Go to Firewall > Content Profile.

2Select New.

3Type a Profile Name.

4Enable the antivirus protection options that you want.

Anti Virus Scan

Scan web, FTP, and email traffic for viruses and worms. See “Antivirus

 

scanning” on page 280.

File Block

Delete files with blocked file patterns even if they do not contain

 

viruses. Enable file blocking when a virus has been found that is so

 

new that virus scanning does not detect it. See “File blocking” on

 

page 281.

Quarantine

Quarantine blocked and infected files according to the quarantine

 

configuration.

Note: If both Anti Virus Scan and File Block are enabled, the FortiGate unit blocks files that match enabled file patterns before they are scanned for viruses.

5Enable the web filtering options that you want.

Web URL Block Block unwanted web pages and web sites. This option adds

FortiGate Web URL blocking (see “Configuring FortiGate Web URL blocking” on page 293), FortiGate Web Pattern blocking (see “Configuring FortiGate Web pattern blocking” on page 296), and Cerberian URL filtering (see “Configuring Cerberian URL filtering” on page 296) to HTTP traffic accepted by a policy.

FortiGate-800 Installation and Configuration Guide

219

Page 219
Image 219
Fortinet FortiGate-800 manual Default content profiles, Adding content profiles, 219