background image

Advanced configuration 

Web filtering

FortiGate-800 and FortiGate-800F FortiOS 3.0 MR6 Install Guide
01-30006-0455-20080910

35

Banned word lists are specific words that may be typically found in email. The 
FortiGate unit searches for words or patterns in email messages. If matches are 
found, values assigned to the words are totalled. If the defined threshold value is 
exceeded, the message is marked as spam. If no match is found, the email 
message is passed along to the next filter.

You configure banned words by going to 

Antispam > Banned Word

.

While FortiGuard services maintain a large list of known spammers, it is not 
perfect. In some cases, some mail tagged as spam is an individual you want to 
receive mail from, while email that is not caught by the spam filters or users you 
don’t want to receive email from gets through to your inbox.

White lists and black lists enable you to maintain a list of email addresses that you 
want (white list) or don’t want (black list) to receive email from. You can add or 
remove addresses from lists as required. The FortiGate unit uses both an IP 
address list and an email address list to filter incoming email, if enabled in the 
protection profile.

When performing an IP address list check, the FortiGate unit compares the IP 
address of the message's sender to the IP address list in sequence. If a match is 
found, the action associated with the IP address is taken. If no match is found, the 
message is passed to the next enabled spam filter.

When performing an email list check, the FortiGate unit compares the email 
address of the message's sender to the email address list in sequence. If a match 
is found, the action associated with the email address is taken. If no match is 
found, the message is passed to the next enabled antispam filter.

To configure black/white lists, go to 

AntiSpam > Black/White List

.

You enable antispam options for each mail service (POP3, IMAP and SMTP) in 
the protection profile. To configure antispam protection profile settings, go to 

Firewall > Protection Profile

. Select edit for a profile and select the Spam 

Filtering options.

For details on the antispam features and settings, see the 

FortiGate 

Administration Guide

 or the FortiGate Online Help.

Web filtering

Web filtering is a method of controlling what web sites are viewable by users. 
There are three main sections to web filtering: the Web Filter Content Block, the 
URL Filter, and the FortiGuard Web filter. Each interact with each other in such a 
way as to provide maximum control and protection for the Internet users.

Web filtering options are enabled and configured in the protection profile settings 
by going to 

Firewall > Protection Profile

. Select edit for a profile and selecting 

either the FortiGuard Web Filtering options or the Web Filtering options. You need 
to register your FortiGate unit and purchase FortiGuard services to use 
FortiGuard Web Filtering.

Content blocking enables you to specify file types and words that the FortiGate 
unit should block when encountered. With web content block enabled, every 
requested web page is checked against the content block list. The score value of 
each pattern appearing on the page is added, and if the total is greater than the 
threshold value set in the protection profile, the page is blocked.

Содержание FortiGate 800/800F

Страница 1: ...www fortinet com FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 I N S T A L L G U I D E...

Страница 2: ...c Threat Prevention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion...

Страница 3: ...talling 11 Environmental specifications 11 Cautions and warnings 12 Grounding 12 Rack mount instructions 12 Mounting 13 Plugging in the FortiGate 14 Connecting to the network 14 Turning off the FortiG...

Страница 4: ...nfiguration 27 Backing up the configuration 27 Restoring a configuration 28 Additional configuration 28 Set the time and date 28 Set the Administrator password 28 Configure FortiGuard 29 Updating anti...

Страница 5: ...006 0455 20080910 5 Installing firmware from a system reboot using the CLI 42 Restoring the previous configuration 44 Backup and Restore from a USB key 44 Using the USB Auto Install 45 Additional CLI...

Страница 6: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 6 01 30006 0455 20080910 Contents...

Страница 7: ...ed Threat Management System uses Fortinet s Dynamic Threat Prevention System DTPS technology which leverages breakthroughs in chip design networking security and content analysis The unique ASIC based...

Страница 8: ...how to install and configure your FortiGate unit onto your network This document also includes how to install and upgrade new firmware versions on your FortiGate unit This document contains the follo...

Страница 9: ...rotection web content filtering and spam filtering and how to configure a VPN FortiGate online help Provides a context sensitive and searchable version of the Administration Guide in HTML format You c...

Страница 10: ...PN User Guide Explains how to configure a PPTP VPN using the web based manager FortiGate Certificate Management User Guide Contains procedures for managing digital certificates including generating ce...

Страница 11: ...n make sure that the appliance has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate air flow and cooling This device complies with part FCC Class A Part 15 UL CUL C Tick CE and...

Страница 12: ...e rack environment may be greater than room ambient Therefore consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature Tma specified...

Страница 13: ...front portion of the FortiGate unit Ensure that the screws are tight and not loose The following photos illustrate how the brackets should be mounted Note that the screw configuration may vary dependi...

Страница 14: ...o the on position indicated by the I Connecting to the network Using the supplied Ethernet cable connect one end of the cable to your router or modem whatever the connection is to the Internet Connect...

Страница 15: ...T Route mode and Transparent mode Both include the same robust network security features such as antispam antivirus VPN and firewall policies NAT mode In NAT Route mode the FortiGate unit is visible t...

Страница 16: ...ese tasks using the web based manger a GUI interface using a current web browser such as FireFox or Internet Explorer using the command line interface CLI a command line interface similar to DOS or UN...

Страница 17: ...because the FortiGate unit redirects the connection This is an informational message Select OK to continue logging in 4 Type admin in the Name field and select Login Connecting to the CLI To connect t...

Страница 18: ...e default gateway retrieved from the DHCP server The administrative distance specifies the relative priority of a route when there are multiple routes to the same destination A lower administrative di...

Страница 19: ...ns This route is called the static default route If no other routes are present in the routing table and a packet needs to be forwarded beyond the FortiGate unit the factory configured static default...

Страница 20: ...h the FortiGate interfaces Firewall policies define how the FortiGate unit processes the packets in a communication session You can configure the firewall policies to allow only specific traffic users...

Страница 21: ...section Connecting to the CLI on page 17 before beginning Configure the interfaces When shipped the FortiGate unit has a default address of 192 168 1 99 and a netmask of 255 255 255 0 for either the...

Страница 22: ...et DNS server IP addresses are typically provided by your internet service provider To configure DNS server settings config system dns set autosvr enable disable set primary address_ip set secondary a...

Страница 23: ...ffic to flow through the FortiGate interfaces Firewall policies to define the FortiGate unit process the packets in a communication session You can configure the firewall policies to allow only specif...

Страница 24: ...Netmask address and the Default Gateway address The default gateway IP address is required to tell the FortiGate unit where to send network traffic to other networks 5 Select Apply Configure a DNS se...

Страница 25: ...ct OK Firewall policy configuration is the same in NAT Route mode and Transparent mode Note that these policies allow all traffic through No protection profiles have been applied Ensure you create add...

Страница 26: ...econdary DNS server IP addresses Adding firewall policies Firewall policies enable traffic to flow through the FortiGate interfaces Firewall policies define the FortiGate unit process the packets in a...

Страница 27: ...configured and working correctly it is extremely important that you back up your configuration By backing up the configuration you ensure that if you need to reset the FortiGate unit for whatever rea...

Страница 28: ...tion While not mandatory they will help in ensuring better control with the firewall Set the time and date For effective scheduling and logging the FortiGate system date and time must be accurate You...

Страница 29: ...registered your FortiGate unit you can update antivirus and IPS signatures The FortiGuard Center enables you to receive push updates allow push update to a specific IP address and schedule updates fo...

Страница 30: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 30 01 30006 0455 20080910 Additional configuration Configuring...

Страница 31: ...filtering spam filtering content archiving instant messaging filtering and access control P2P access and bandwidth control logging options for policies and configurations within the policies rate limi...

Страница 32: ...rects the firewall action for the connection The action can be to allow the connection deny the connection require authentication before the connection is allowed or process the packet as an IPSec VPN...

Страница 33: ...policy you can apply FortiGate features such as virus scanning and authentication to the communication session accepted by the policy Add DENY policies to deny communication sessions Add IPSec encryp...

Страница 34: ...ng go to AntiVirus Config Grayware Antivirus settings are turned on in the protection profile In the protection profile you can enable antivirus options for specific services and which services will u...

Страница 35: ...t compares the email address of the message s sender to the email address list in sequence If a match is found the action associated with the email address is taken If no match is found the message is...

Страница 36: ...evolves You need to have a FortiGuard subscription to take advantage of FortiGuard web filtering The FortiGate unit also enables you to override the FortiGuard filtering designation and you can add y...

Страница 37: ...ing the patch release before upgrading the firmware Follow the steps below download and review the release notes for the patch release download the patch release back up the current configuration inst...

Страница 38: ...ype the path and filename of the firmware image file or select Browse and locate the file 6 Select OK The FortiGate unit uploads the firmware image file upgrades to the new firmware version restarts a...

Страница 39: ...g since the FortiGate unit must recognize that the key is installed in its USB port To backup configuration 1 Go to System Maintenance Backup and Restore 2 Select USB Disk from the backup configuratio...

Страница 40: ...finitions included with the firmware release you are installing After you install new firmware make sure that antivirus and attack definitions are up to date You can also use the CLI command execute u...

Страница 41: ...lacement messages Before beginning this procedure it is recommended that you back up the FortiGate unit system configuration using the command execute backup config back up the IPS custom signatures u...

Страница 42: ...s Get image from tftp server OK Check image OK This operation will downgrade the current firmware version Do you want to continue y n 7 Type y The FortiGate unit reverts to the old firmware version re...

Страница 43: ...following message This operation will reboot the system Do you want to continue y n 7 Type y As the FortiGate unit starts a series of system startup messages appears When the following messages appea...

Страница 44: ...storing the previous configuration Change the internal interface address if required You can do this from the CLI using the following command config system interface edit interface set ip address_ip4m...

Страница 45: ...ommand config system auto install set default config file filename set auto intall config enable disable set default image file filename set auto install image enable disable end 3 Enter the following...

Страница 46: ...e on the same subnet as the internal interface To test the new firmware image 1 Connect to the CLI using a RJ 45 to DB 9 or null modem cable 2 Make sure the TFTP server is running 3 Copy the new firmw...

Страница 47: ...rver but make sure you do not use the IP address of another device on the network The following message appears Enter File Name image out 11 Enter the firmware image file name and press Enter The TFTP...

Страница 48: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 48 01 30006 0455 20080910 Testing new firmware before installing FortiGate Firmware...

Страница 49: ...rride 18 document conventions 8 documentation 9 domain name server configure 24 domain name server configure 19 22 downloading firmware 37 E earthing 12 execute shutdown 14 F firewall policies 20 23 3...

Страница 50: ...security certificate 17 shielded twisted pair 12 shut down 14 signatures update 29 static route 19 23 system reboot installing 42 T technical support 10 TFTP server 42 time and date 28 time zone 28 T...

Страница 51: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 51 01 30006 0455 20080910 Index...

Страница 52: ...FortiGate 800 and FortiGate 800F FortiOS 3 0 MR6 Install Guide 52 01 30006 0455 20080910 Index...

Страница 53: ...www fortinet com...

Страница 54: ...www fortinet com...

Отзывы: