Advanced configuration
Antivirus options
FortiGate-3600A FortiOS 3.0 MR6 Install Guide
01-30006-0457-20080318
37
Configuring firewall policies
To add or edit a firewall policy go to
Firewall > Policy
and select Edit on an
existing policy, or select Create New to add a policy.
The
source and destination Interface/Zone
match the firewall policy with the
source and destination of a communication session. The Address Name matches
the source and destination address of the communication session.
Schedule
defines when the firewall policy is enabled. While most policies are
always on, you can configure a firewall policy so that it is only on at specific times
of the day. For example, you may want to block news and entertainment sites
most of the day, except during lunch or after work, enabling your employees to
only view those sites during non-working times.
Service
matches the firewall policy with the service used by a communication
session. This enables you to configure a policy for general web surfing and a
different policy specifically for other traffic such as SMTP mail or FTP uploads and
downloads.
Action
defines how the FortiGate unit processes traffic. Specify an action to
accept or deny traffic or configure a firewall encryption policy.
• Add ACCEPT policies that accept communication sessions. Using an accept
policy, you can apply FortiGate features such as virus scanning and
authentication to the communication session accepted by the policy.
• Add DENY policies to deny communication sessions.
• Add IPSec encryption policies to enable IPSec tunnel mode VPN traffic and
SSL VPN encryption policies to enable SSL VPN traffic. Firewall encryption
policies determine which types of IP traffic will be permitted during an IPSec or
SSL VPN session.
Select
Protection Profile
to include apply a protection profile to the firewall policy
for scanning of traffic passing through the FortiGate unit.
For details on the firewall policies features and settings, see the
FortiGate
Administration Guide
or the FortiGate Online Help.
Antivirus options
The FortiGate unit’s antivirus configuration prevents malicious files from entering
and infecting your network environment.
The FortiGate unit uses a number of processes to scan files to ensure unwanted
files and potential attackers do not get through. The FortiGate unit scans using
these antivirus options:
• File pattern - The FortiGate will check the file against the file pattern setting
you have configured. You can set which file names or file types the FortiGate
unit looks for in the incoming traffic.
• Virus scan - The virus definitions are kept up to date through the FortiNet
Distribution Network. The list is updated on a regular basis so you do not have
to wait for a firmware upgrade. Note that you must register the FortiGate unit to
and purchase FortiGuard services to use virus scanning through the FDN.
Summary of Contents for FortiGate 3600A
Page 1: ...www fortinet com FortiGate 3600A FortiOS 3 0 MR6 I N S T A L L G U I D E ...
Page 6: ...FortiGate 3600A FortiOS 3 0 MR6 Install Guide 6 01 30006 0457 20080318 Contents ...
Page 61: ...FortiGate 3600A FortiOS 3 0 MR6 Install Guide 61 01 30006 0457 20080318 Index ...
Page 62: ...FortiGate 3600A FortiOS 3 0 MR6 Install Guide 62 01 30006 0457 20080318 Index ...
Page 63: ...www fortinet com ...
Page 64: ...www fortinet com ...