Firewall Protection Profile
Configuring a protection profile
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
411
•
IPS options
You can use the IPS options in a protection profile to enable IPS for the protection profile
and add an IPS sensor. To add an IPS sensor, go to
Firewall > Protection Profile
. Select
Create New
to add a protection profile, or the
Edit
icon beside an existing protection
profile. Then select the Expand Arrow beside
IPS
, select the check box to enable IPS,
select an IPS Sensor, and select
OK
.
For more information on IPS, see
“Intrusion Protection” on page 455
Figure 255: Protection Profile IPS options
Web Filtering options
Web filtering sorts millions of web pages into a wide range of categories that you can
allow, block or monitor. Content block uses words and patterns to block web pages
containing the words or patterns, URL filtering uses URLs and URL patterns to exempt or
block web pages from specific sources, and FortiGuard web filter provides many
additional categories by which to filter web traffic. In some instances, users may require
access to web sites that are blocked by a policy. An administrator can give the user the
ability to override the block for a specified period of time. For more information about
overrides, see
.
You can configure web filtering for HTTP and HTTPS traffic. If your FortiGate unit supports
SSL content scanning and inspection and if you have set
HTTPS Content Filtering Mode
in the
Protocol Recognition
part of this protection profile to
Deep Scan
, you can select the
same web filtering options for HTTPS and HTTP. For more information, see
scanning and inspection” on page 399
and
“Protocol recognition options” on page 405
.
Filters defined in the web filtering settings are turned on through a protection profile. To
configure web filtering options, go to
Firewall > Protection Profile
. Select
Create New
to
add a protection profile, or the
Edit
icon beside an existing protection profile. Then select
the Expand Arrow beside
Web Filtering
, enter the information as described below, and
select
OK
.
IPS
Select to enable and use the specified IPS sensor.
You cannot select denial of service (DoS) sensors through this option. For information on
configuring DoS sensors, see
Note:
Protection profile web filtering also includes FortiGuard Web Filtering. For
information about FortiGuard Web Filtering, see
“FortiGuard Web Filtering options” on
Note:
If your FortiGate unit does not support SSL content scanning and inspection, or if you
have set
HTTPS Content Filtering Mode
to
URL Filtering
, you can only select URL filtering
and blocking invalid URLs for HTTPS.
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...