background image

FortiGate-50B FortiOS 3.0 MR6 Install Guide

32

01-30006-0444-20080131

AntiSpam options

Advanced configuration

• Grayware - These are unsolicited commercial software programs that are 

installed on computers, often without the user's consent or knowledge. 
Grayware programs are generally considered an annoyance, but these 
programs can cause system performance problems or be used for malicious 
ends. The FortiGate unit scans for known grayware executable programs in 
each enabled category.

• Heuristics - The FortiGate heuristic antivirus engine performs tests on the file 

to detect virus-like behavior or known virus indicators. In this way, heuristic 
scanning may detect new viruses, but may also produce some false positive 
results.

The antivirus elements work in sequence to give you an efficient method of 
scanning incoming files. The first three elements have specific functions, the 
fourth, the heuristics, is to cover any new previously unknown virus threats. The 
four elements work together to offer your network unparalleled antivirus 
protection. To ensure that your system is providing the most protection available, 
all virus definitions and signatures are up dated regularly through the FortiGuard 
antivirus services.

To configure the file patterns that the FortiGate scans, go to 

AntiVirus > File 

Filter

To enable grayware blocking, go to 

AntiVirus > Config > Grayware

.

Antivirus settings are turned on in the protection profile. In the protection profile 
you can enable antivirus options for specific services and which services will use 
the file patterns as a part of the antivirus process.

To configure antivirus protection profile settings, go to 

Firewall > Protection 

Profile

. Select edit for a profile and select the Anti-Virus options.

For details on the antivirus features and settings, see the 

FortiGate Administration 

Guide

 or the FortiGate Online Help.

AntiSpam options

The FortiGate unit’s antispam feature detects unsolicited commercial email by 
identifying spam email messages and spam transmissions from known or 
suspected spam servers.

This feature requires a FortiGuard subscription and a registered FortiGate unit. 
When the FortiGate unit receives an email message, it verifies with the FortiGuard 
server whether it is a valid email or a spam message. FortiGuard Antispam is one 
of the features designed to manage spam. FortiGuard is an antispam system from 
Fortinet that includes an IP address black list, a URL black list, and spam filtering 
tools. The FortiGuard Center accepts submission of spam email messages as well 
as well as reports of false positives.

Depending on how you configure the FortiGate unit, the FortiGate unit will either 
tag the message with text so you can easily identify the spam, or delete the 
message before it reaches the recipient.

The FortiGate unit also enables you to create your own spam filters using banned 
words and black/white lists.

Содержание FortiGate FortiGate-50B

Страница 1: ...www fortinet com FortiGate 50B FortiOS 3 0 MR6 I N S T A L L G U I D E...

Страница 2: ...evention System DTPS APSecure FortiASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion FortiGuard...

Страница 3: ...ecifications 9 Cautions and warnings 10 Grounding 10 Rack mount instructions 10 Mounting 11 Plugging in the FortiGate 11 Connecting to the network 11 Turning off the FortiGate unit 12 Configuring 13 N...

Страница 4: ...up the configuration 25 Restoring a configuration 26 Additional configuration 26 Set the time and date 26 Set the Administrator password 26 Configure FortiGuard 27 Updating antivirus and IPS signature...

Страница 5: ...1 Contents Installing firmware from a system reboot using the CLI 40 Restoring the previous configuration 42 Backup and Restore from a USB key 42 Using the USB Auto Install 42 Additional CLI Commands...

Страница 6: ...FortiGate 50B FortiOS 3 0 MR6 Install Guide 4 01 30006 0444 20080131 Contents...

Страница 7: ...Management System uses Fortinet s Dynamic Threat Prevention System DTPS technology which leverages breakthroughs in chip design networking security and content analysis The unique ASIC based architec...

Страница 8: ...de new firmware versions on your FortiGate unit This document contains the following chapters Installing Describes setting up and powering on a FortiGate unit Configuring Provides an overview of the o...

Страница 9: ...archable version of the Administration Guide in HTML format You can access online help from the web based manager as you work FortiGate CLI Reference Describes how to use the FortiGate CLI and contain...

Страница 10: ...te requests installing signed certificates importing CA root certificates and certificate revocation lists and backing up and restoring installed certificates and private keys FortiGate VLANs and VDOM...

Страница 11: ...e that the appliance has at least 1 5 in 3 75 cm of clearance on each side to allow for adequate air flow and cooling This device complies with part FCC Class A Part 15 UL CUL C Tick CE and VCCI Opera...

Страница 12: ...ation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technici...

Страница 13: ...tiGate unit Adhere the rubber feet included in the package to the underside of the FortiGate unit near the corners of the device Place the FortiGate unit on any flat stable surface Ensure the unit has...

Страница 14: ...ays shut down the FortiGate operating system properly before turning off the power switch to avoid potential hardware problems To power off the FortiGate unit 1 From the web based manager go to System...

Страница 15: ...ode and Transparent mode Both include the same robust network security features such as antispam antivirus VPN and firewall policies NAT mode In NAT Route mode the FortiGate unit is visible to the net...

Страница 16: ...using the web based manger a GUI interface using a current web browser such as FireFox or Internet Explorer using the command line interface CLI a command line interface similar to DOS or UNIX command...

Страница 17: ...e FortiGate unit redirects the connection This is an informational message Select OK to continue logging in 4 Type admin in the Name field and select Login Connecting to the CLI To connect to the Fort...

Страница 18: ...gateway retrieved from the DHCP server The administrative distance specifies the relative priority of a route when there are multiple routes to the same destination A lower administrative distance ind...

Страница 19: ...oute is called the static default route If no other routes are present in the routing table and a packet needs to be forwarded beyond the FortiGate unit the factory configured static default route cau...

Страница 20: ...tiGate interfaces Firewall policies define how the FortiGate unit processes the packets in a communication session You can configure the firewall policies to allow only specific traffic users and spec...

Страница 21: ...onnecting to the CLI on page 15 before beginning Configure the interfaces When shipped the FortiGate unit has a default address of 192 168 1 99 and a netmask of 255 255 255 0 for either the Port 1 or...

Страница 22: ...rver IP addresses are typically provided by your internet service provider To configure DNS server settings config system dns set autosvr enable disable set primary address_ip set secondary address_ip...

Страница 23: ...ow through the FortiGate interfaces Firewall policies to define the FortiGate unit process the packets in a communication session You can configure the firewall policies to allow only specific traffic...

Страница 24: ...address and the Default Gateway address The default gateway IP address is required to tell the FortiGate unit where to send network traffic to other networks 5 Select Apply Configure a DNS server A DN...

Страница 25: ...wall policy configuration is the same in NAT Route mode and Transparent mode Note that these policies allow all traffic through No protection profiles have been applied Ensure you create additional fi...

Страница 26: ...NS server IP addresses Adding firewall policies Firewall policies enable traffic to flow through the FortiGate interfaces Firewall policies define the FortiGate unit process the packets in a communica...

Страница 27: ...d and working correctly it is extremely important that you back up your configuration By backing up the configuration you ensure that if you need to reset the FortiGate unit for whatever reason you wi...

Страница 28: ...not mandatory they will help in ensuring better control with the firewall Set the time and date For effective scheduling and logging the FortiGate system date and time must be accurate You can either...

Страница 29: ...ed your FortiGate unit you can update antivirus and IPS signatures The FortiGuard Center enables you to receive push updates allow push update to a specific IP address and schedule updates for daily w...

Страница 30: ...FortiGate 50B FortiOS 3 0 MR6 Install Guide 28 01 30006 0444 20080131 Additional configuration Configuring...

Страница 31: ...spam filtering content archiving instant messaging filtering and access control P2P access and bandwidth control logging options for policies and configurations within the policies rate limiting for V...

Страница 32: ...firewall action for the connection The action can be to allow the connection deny the connection require authentication before the connection is allowed or process the packet as an IPSec VPN connecti...

Страница 33: ...ou can apply FortiGate features such as virus scanning and authentication to the communication session accepted by the policy Add DENY policies to deny communication sessions Add IPSec encryption poli...

Страница 34: ...AntiVirus Config Grayware Antivirus settings are turned on in the protection profile In the protection profile you can enable antivirus options for specific services and which services will use the fi...

Страница 35: ...the email address of the message s sender to the email address list in sequence If a match is found the action associated with the email address is taken If no match is found the message is passed to...

Страница 36: ...You need to have a FortiGuard subscription to take advantage of FortiGuard web filtering The FortiGate unit also enables you to override the FortiGuard filtering designation and you can add your own T...

Страница 37: ...tem reboot using the CLI Testing new firmware before installing Downloading firmware Firmware images for all FortiGate units is available on the Fortinet Customer Support web site You must register yo...

Страница 38: ...able to restore the previous configuration from the backup configuration file To revert to a previous firmware version 1 Copy the firmware image file to the management computer 2 Log into the FortiGa...

Страница 39: ...ur system settings before shutting down or rebooting your FortiGate unit To configure the USB Auto Install 1 Go to System Maintenance Backup and Restore 2 Select the blue arrow to expand the Advanced...

Страница 40: ...FortiGate unit can connect to the TFTP server You can use the following command to ping the computer running the TFTP server For example if the IP address of the TFTP server is 192 168 1 168 execute...

Страница 41: ...sure the FortiGate unit can connect to the TFTP server You can use the following command to ping the computer running the TFTP server For example if the TFTP server s IP address is 192 168 1 168 exec...

Страница 42: ...To use this procedure you must connect to the CLI using the FortiGate console port and a RJ 45 to DB 9 or null modem cable This procedure reverts the FortiGate unit to its factory default configuratio...

Страница 43: ...erver F Format boot device Q Quit menu and continue to boot with default firmware H Display this list of options Enter G F Q or H 8 Type G to get to the new firmware image form the TFTP server The fol...

Страница 44: ...SB port To backup configuration using the CLI 1 Log into the CLI 2 Enter the following command to backup the configuration files exec backup config usb filename 3 Enter the following command to check...

Страница 45: ...ng the new firmware image with the current configuration This new firmware image is not permanently installed The next time the FortiGate unit restarts it operates with the originally installed firmwa...

Страница 46: ...es appears Press any key to display configuration menu 7 Immediately press any key to interrupt the system startup If you successfully interrupt the startup process the following messages appears G Ge...

Страница 47: ...e following appears Save as Default firmware Backup firmware Run image without saving D B R 12 Type R The FortiGate image is installed to system memory and the FortiGate unit starts running the new fi...

Страница 48: ...FortiGate 50B FortiOS 3 0 MR6 Install Guide 46 01 30006 0444 20080131 Testing new firmware before installing FortiGate Firmware...

Страница 49: ...in name server configure 22 domain name server configure 17 20 downloading firmware 35 E earthing 11 execute shutdown 12 F firewall policies 18 21 30 firmware backup and restore from USB 42 download 3...

Страница 50: ...hut down 12 signatures update 27 static route 17 21 system reboot installing 40 T technical support 8 TFTP server 40 time and date 26 time zone 26 Transparent mode 14 switching to 22 typographic conve...

Страница 51: ...www fortinet com...

Страница 52: ...www fortinet com...

Отзывы: