manualshive.com logo in svg

Fortinet FortiGate Voice 4.0 MR1, Руководство администратора

Fortinet FortiGate Voice 4.0 MR1 - это современное решение для обеспечения безопасности сети и голосовой связи. Для эффективного настройки и управления устройством, рекомендуется скачать бесплатное Руководство по администрированию с manualshive.com. Загрузите его прямо сейчас, чтобы использовать все возможности продукта.

Поделиться
Скачать
background image

Per-User Web Filtering 

Configuring web filtering

FortiClient Endpoint Security Version 4.0 MR1 Administration Guide
04-40001-99556-20090626

45

http://docs.fortinet.com/

 • 

Feedback

Defining web filter profiles

In the FortiClient Manager, go to 

Global Configuration > Web Filter Profile

. Click 

Create 

New

. Enter the following information and click 

OK

.

Configuring LDAP settings

FortiClient Manager uses LDAP protocol to retrieve information about Windows AD users 
and groups from the domain controller. 
Go to 

Settings > LDAP Group/User > LDAP Settings

 and click 

Create New

. Enter the 

following information and select 

OK

.

Assigning web filter profiles

You can assign web filter profiles to Windows groups and users.

To assign web filter profiles to groups

1

In the FortiClient Manager, go to 

Settings > LDAP Group/User > LDAP Group/User

.

2

From the 

LDAP Server

 list, select the Windows AD domain controller. 

3

Select 

Synchronize

.

4

Expand domains as needed to show groups.

5

From the 

Web Filter Profile

 list, select the profile you want to assign.

6

Select group(s) (each one has a check box) and then select 

Assign Profile

.

For each selected group, the 

Web Filter Profile

 column lists the assigned profile.

7

Repeat Step 

4

 through Step 

6

 for each web filter profile you want to assign.

Name

Enter a name for the profile.

Comments

Optionally, enter descriptive information about the profile.

Bypass URLs
Block URLs

Bypass URLs are allowed even if they are in a blocked category.
Block URLs are always blocked.
To add a URL, enter it in the field below the list and select 

Add

.

To remove a URL, select it in the list and then select 

Delete

.

Select category to 
block

Either select 

Select All

 or select individual categories to block. You can 

expand the categories to select specific sub-categories.

Select classification 
to block

Either select 

Select All

 or select individual classifications to block.

Name

Enter a name for this LDAP server. 

Server Name/IP

Enter the fully-qualified domain name or IP address of the Windows AD 

domain controller.

Server Port

Enter the port used to communicate with the LDAP server. The default is 

port 389. If needed, change the port to match the server.

BaseDN

Enter the Base Distinguished Name for the server. You can get this 

information from the server’s administrator.

BindDN

Enter the Bind Distinguished Name for the server. You can get this 

information from the server’s administrator.

Password

Enter the password required for logon to make queries.

Test Connection

Select this button to attempt a connection to the domain controller using the 

settings you have entered. The results of the connection test display below 

the button.

Содержание FortiGate Voice 4.0 MR1

Страница 1: ...FortiClient Endpoint Security Version 4 0 MR1 Administration Guide...

Страница 2: ...ASIC FortiBIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion FortiGuard Web FortiLog FortiAnalyz...

Страница 3: ...6 Standard FortiClient Installation 6 Single user installation 6 Multiple user installation 7 Custom Installer Packages 9 Overview 9 Creating a customized installer using FCRepackager 9 Creating the...

Страница 4: ...Configuring enterprise licenses 24 Creating enterprise client license keys 25 Deploying enterprise client license keys 25 Creating customized FortiClient installers 25 Corporate Security Policies 27...

Страница 5: ...nfiguring VPNs without FortiClient Endpoint Security 47 Overview 47 Using the FortiClient VPN Editor 47 Importing VPN tunnel settings 48 Configuring VPN tunnel settings 48 Configuring certificates for...

Страница 6: ...Contents FortiClient Endpoint Security Version 4 0 MR1 Administration Guide iv 04 40001 99556 20090626 http docs fortinet com Feedback...

Страница 7: ...and applications by setting up firewall policies apply Endpoint Network Application Control NAC to monitor and control applications running on endpoints use WAN Optimization to improve the efficiency...

Страница 8: ...e simple end user installations described in the FortiClient Endpoint Security User Guide Custom Installer Packages describes how to create a customized installation package to deploy to users in an o...

Страница 9: ...cumentation is available on the Fortinet Tools and Documentation CD shipped with your Fortinet product You do not receive this CD if you download the FortiClient application The documents on this CD a...

Страница 10: ...Customer service and technical support Introduction FortiClient Endpoint Security Version 4 0 MR1 Administration Guide 4 04 40001 99556 20090626 http docs fortinet com Feedback...

Страница 11: ...ws executable exe installer provides easy installation on a single computer by the end user Any existing FortiClient installation on the computer is upgraded The FortiClient Endpoint Security User Gui...

Страница 12: ...ter before installing the FortiClient application Installing on servers When installing FortiClient Endpoint Security on a server follow the antivirus guidelines for other products installed on the se...

Страница 13: ...istration Guide 04 40001 99556 20090626 7 http docs fortinet com Feedback Multiple user installation You can use the FortiGate s Web Config to manage the version of FortiClient endpoint control runnin...

Страница 14: ...Standard FortiClient Installation Installation FortiClient Endpoint Security Version 4 0 MR1 Administration Guide 8 04 40001 99556 20090626 http docs fortinet com Feedback...

Страница 15: ...le the installation wizard enable or disable update scheduling set update schedule randomly on install enable or disable upgrade of existing installation enable management by a FortiManager system and...

Страница 16: ...tTools zip file from the Fortinet Support Web site and extract the files into a folder 2 Ensure FortiClient is installed and configured with the desired settings The mst file is created based on your...

Страница 17: ...aged FortiClient computer receive push updates for antivirus definitions Mobile users might not always be able to connect to the FortiManager unit Optionally you can configure FortiClient to use the d...

Страница 18: ...1024 bits 15 1536 bits 2 2048 bits 3 3072 bits or 4 4096 bits Creating the custom MSI installation file With the sample application configured as you want for your users you can create a custom MSI in...

Страница 19: ...ying the customized FortiClient application You can distribute your new FortiClient msi file to users Users simply double click the file to begin installation On a Windows Advanced Server network you...

Страница 20: ...g run as you can apply the same transform file to future FortiClient releases If possible avoid modifying any other components FortiClient sub features do not support Advertised installations The foll...

Страница 21: ...e following command msiexec i path to package FortiClient msi TRANSFORMS custom_4 0 mst L v c log txt where path to package is the path to your package if not in the current directory There are no spa...

Страница 22: ...temp logfile txt Alternatively you can install the appropriate logging active directory group policies Language transforms The MST files that ship with the baseline FortiClient package are the Englis...

Страница 23: ...from which users can install the FortiClient application The FortiClient msi file is a compressed archive containing all of the needed files Creating an uncompressed set of installation files can impr...

Страница 24: ...specified in FMGRIP is automatically trusted and does not need to be added to the FMGTRUSTEDIPS value Configuring central management by specified FortiManager units Using installer command line option...

Страница 25: ...ller command line options you can enable discovery of FortiManager units and specify by IP address the FortiManager units from which the FortiClient application accepts central management The command...

Страница 26: ...hard disk image 1 Using an MSI FortiClient installer install and configure the FortiClient application to suit your requirements You can use a standard or a customized installation package 2 Right cl...

Страница 27: ...FortiClient searches the attachments for the words or patterns in your sensitive words list If any of the words or patterns are found FortiClient logs the message and can also block sending of the me...

Страница 28: ...Advanced Scenarios Custom Installer Packages FortiClient Endpoint Security Version 4 0 MR1 Administration Guide 22 04 40001 99556 20090626 http docs fortinet com Feedback...

Страница 29: ...s licensed by means of a license key entered into the application The license can be a single user or a volume license FortiManager does not manage this method of licensing but it can distribute the l...

Страница 30: ...rprise licensing To use enterprise licensing you need to 1 Obtain an Enterprise License from FortiCare and register it on your FortiManager unit For more information see Configuring enterprise license...

Страница 31: ...a name to identify the license 5 In the Seats Permitted field enter a number seats that is no larger than the maximum shown at the right 6 In the Expiry Date field enter a date that is no later than t...

Страница 32: ...key in some other way m installer_file where installer_file is the FortiClient msi installer file you used to create the model installation For example to customize the FortiClient installer at c Fort...

Страница 33: ...icy can require that any or all of the following features are enabled Antivirus real time protection Antispam Firewall Normal mode Web Filter This provides security when users connect to your corporat...

Страница 34: ...figure 3 From the FortiClient menu select VPN Security Policy 4 Select any of the following policies that you want to enforce Firewall must be enabled Realtime AV must be enabled Webfiltering must be...

Страница 35: ...d applications application detection You enable endpoint control in a FortiGate firewall policy When traffic attempts to pass through the firewall policy the FortiGate unit runs compliance checks on t...

Страница 36: ...tribution Network and FortiGuard Services Setting the FortiClient version By default FortiClient software is provided by FortiGuard Services and the latest version is the required version In your Fort...

Страница 37: ...oftware For information about uploading a FortiClient installer to your FortiGate unit see Uploading the FortiClient installer to your FortiGate unit on page 32 Custom URL Specify a URL for a server f...

Страница 38: ...estore forticlient tftp filename server_ip where filename is for example FortiClientSetup_4 0 2 msi and server_ip is the IP address of the TFTP server The TFTP server uploads the file to the FortiGate...

Страница 39: ...cannot access the internet until FortiClient is installed 4 Select the Additional Client Options check box and select the following options Antivirus enabled Checks that the FortiClient Endpoint Secur...

Страница 40: ...ck Create New 6 In the New Application Detection Entry area enter the following information See Table 2 on page 35 for the list of category definitions Category Select the applicable category Vendor S...

Страница 41: ...d log activity on a computer network including both legitimate use and attempts to access or use network assets in unauthorized fashion and to assess the status and security of the network Multimedia...

Страница 42: ...sets of information the structure being provided by the definition of fields or data objects and the utilization consisting of analysis synthesis and comparison across large quantities of such data Do...

Страница 43: ...on about creating firewall policies see the Firewall chapter of the FortiGate Administration Guide To apply an Endpoint Control Profile to a firewall policy 1 Go to Firewall Policy and select the Poli...

Страница 44: ...an view details such as the status FortiClient version detected applications and so on 4 Click Close 5 To allow temporary access to the endpoint select an entry and click Exempt Temporarily 6 In the T...

Страница 45: ...ew There are several ways to create VPN connections for remote users FortiClient FortiGate FortiManager Custom installation Configuring VPN connections using FortiClient FortiClient Endpoint Security...

Страница 46: ...ists of routes The routes are then installed on the user s computer at the top of its routing table If split tunneling is disabled the FortiGate unit will tell the VPN client to direct all traffic thr...

Страница 47: ...matic configuration When FortiClient users connect to the FortiGate gateway to download VPN policies they are challenged for a user name and password Configure the FortiGate unit as follows 1 Create a...

Страница 48: ...nfiguring the FortiGate gateway as a policy server Creating FortiClient VPNs FortiClient Endpoint Security Version 4 0 MR1 Administration Guide 42 04 40001 99556 20090626 http docs fortinet com Feedba...

Страница 49: ...for a computer with a limited number of users or if you decide to assign occasional users to a default web filter profile For information about configuring FortiClient web filtering see the Web Filte...

Страница 50: ...to the Managed clients list select Auto populate managed client list Otherwise select Add to temporary client list 5 Click Apply To search for FortiClient computer 1 In the FortiClient Manager go to C...

Страница 51: ...each web filter profile you want to assign Name Enter a name for the profile Comments Optionally enter descriptive information about the profile Bypass URLs Block URLs Bypass URLs are allowed even if...

Страница 52: ...AD domain controller 3 Select Synchronize 4 Select LDAP Users at the top left of the page 5 From the Domain list select the required domain 6 From the Web Filter Profile list select the profile you wa...

Страница 53: ...the FortiClient VPN package from the Fortinet Support web site at http support fortinet com The FortiClient VPN package contains the FortiClient VPN installer file 32 bit and 64 bit for several locale...

Страница 54: ...t VPN editor select the Tunnels tab 2 Select Import 3 In the Open window select one of the following file types a VPN policy package vpz a VPN policy files vpl a customized FortiClient installer file...

Страница 55: ...Set and enter the IP address Subnet Mask DNS Server and WINS Server addresses as required 3 Select OK To add additional remote networks to a connection In the Advanced Settings window do the followin...

Страница 56: ...ortiClient application Only the page names differ Refer to the Managing digital certificates section in the VPN chapter of the FortiClient Endpoint Security User Guide for detailed information about w...

Страница 57: ...Send XAuth credentials Set the security policy for the FortiClient VPN Retrieve status information configured tunnel list active tunnel name connected or not idle or not remaining key life current sec...

Страница 58: ...ol List1 is populated with the tunnel names List1 Clear For i LBound tunnelList To UBound tunnelList List1 AddItem tunnelList i Next Opening the VPN tunnel Use the Connect method to establish the tunn...

Страница 59: ...t any time you can programmatically determine which VPN connection is active using the GetActiveTunnel function like this TunnelName VPN1 GetActiveTunnel The returned string is empty if no VPN tunnel...

Страница 60: ...you set you must use the MakeSystemPolicyCompliant method Reading a security policy You can retrieve the security policy from the FortiClient application with the GetPolicy method This returns four b...

Страница 61: ...an ByVal bWF As Boolean OOCDialog Show 1 OOCDialog Text If bAV Then OOCDialog Text OOCDialog Text Antivirus n End If If bAS Then OOCDialog Text OOCDialog Text Antispam n End If If bFW Then OOCDialog T...

Страница 62: ...vePassword As Boolean Send XAuth credentials for the named connection User name Password True if password should be saved SetPolicy bAV As Boolean bAS As Boolean bFW As Boolean bWF As Boolean Set secu...

Страница 63: ...ore it is complete FortiClient will refuse to connect the VPN tunnel COMPLIANCE_POLIC Y OR together FW 0x1h AV 0x2h WF 0x4h AS 0x8h AL 0x10h 0 Sets the default corporate compliance policy When 0 Forti...

Страница 64: ...CO UNT 1 3 If this many consecutive heartbeats are not returned from FortiClient Manager FortiClient will assume the FortiClient Manager is not online FMGRIP a single ip address or a fqdn This is the...

Страница 65: ...After installation the features will self optimize in the background with no assistance required from the end user However the optimization is spread over a much longer period hours days Allowing Fort...

Страница 66: ...rtiClientID tool before creating the image WFLOGALLURLS 0 1 0 If this is set to 1 and WF is installed all URLs visited will be logged WANACCDBDIR any valid directory installatio n directory The direct...

Страница 67: ...2 custom installer packages 9 customer service 3 customization of FortiClient installer changing installer language 13 creating 15 deploying 13 Endpoint NAC distribution 16 for enterprise licensing 25...

Страница 68: ...ULTAPPACTION 58 H hide FortiTray installation option 11 HIDETRAY 58 I installation options block access unless firewall rule permits 12 disable web filter rating by IP address 11 disable XAUTH passwor...

Страница 69: ...ion 10 SWUPDATEREQUIRESADMIN 59 system requirements 1 T technical support 3 U UPDATEFAILOVERPORT 59 UPDATEFALLBACK 59 USESWUID 60 USESWUID installation option 20 V viewing corporate security policy 27...

Страница 70: ...Index FortiClient Endpoint Security Version 4 0 MR1 Administration Guide 64 04 40001 99556 20090626 http docs fortinet com Feedback...

Страница 71: ...www fortinet com...

Страница 72: ...www fortinet com...

Отзывы:

Нет отзывов

Похожие инструкции для FortiGate Voice 4.0 MR1

Бренды по названию

Популярные бренды

Загрузить еще бренды