Firewall Protection Profile
Configuring a protection profile
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
409
•
Quarantine
Select for each protocol to quarantine suspect files for later inspection
or submission to Fortinet for analysis.
This option appears only if the FortiGate unit has a hard drive or a
configured FortiAnalyzer unit, and will take effect only if you have first
enabled and configured the quarantine. For more information, see
.
Pass Fragmented Emails
Select to allow fragmented email for mail protocols (IMAP, POP3, and
SMTP as well as IMAPS, POP3S, and SMTPS if SSL content
scanning and inspection is supported). Fragmented email messages
cannot be scanned for viruses.
Comfort Clients
Select client comforting for the HTTP, FTP, and HTTPS protocols. See
“HTTP and FTP client comforting” on page 410
Interval
The time in seconds before client comforting starts sending data after
the download has begun, and also the time interval between sending
subsequent data.
Amount
The number of bytes sent at each interval.
Oversized File/Email
Select
Block
or
Pass
for files and email messages exceeding
configured thresholds for each protocol.
For email scanning, the oversize threshold refers to the final size of
the email, including attachments, after encoding by the email client.
Email clients can use a variety of encoding types; some result in larger
file sizes than the original attachment. The most common encoding,
base64, translates 3 bytes of binary data into 4 bytes of base64 data.
As a result, a file may be blocked or logged as oversized even if the
attachment is several megabytes smaller than the configured oversize
threshold.
Threshold
If the file is larger than the threshold value in megabytes, the file is
passed or blocked. The maximum threshold for scanning in memory is
10% of the FortiGate unit’s RAM.
Allow Invalid Server
Certificate
If your FortiGate unit supports SSL content scanning and inspection,
you can allow HTTPS, IMAPS, POP3S, and SMTPS sessions that
include an invalid server certificate. If these options are not selected,
HTTPS, IMAPS, POP3S, and SMTPS with invalid server certificates
are blocked. Use this feature to validate server certificates.
Quarantine Virus Sender
(to Banned Users List)
Select
Enabled
to quarantine or ban either the IP address of the
sender of the virus or the FortiGate interface that received the virus.
The sender’s IP address or the interface that received the virus is
added to the banned users list. For more information about the
banned user list including how to manage the duration of items and
how to remove them manually, see
“NAC quarantine and the Banned
.
Method
If a virus is found, select the method used to quarantine the virus
sender. You can select
Source IP Address
to add the sender’s source
IP address to the banned users list, or you can select
Virus’s Incoming
Interface
to add the interface that received the virus to the banned
user list.
Expires
Select
Indefinite
to permanently quarantine virus senders. Only a
FortiGate administrator can remove them from the banned users list.
Or, configure how long the virus sender remains on the banned user
list in minutes, hours, or days. A FortiGate administrator can manually
remove a virus sender from the banned user list before the expiry
time.
Add signature to outgoing
emails
Create and enable a signature to append to outgoing SMTP email
messages. The signature will also be appended to outgoing SMTPS
email messages if your FortiGate unit supports SSL content scanning
and inspection.
Содержание Gate 60D
Страница 678: ...Reports Log Report FortiGate Version 4 0 Administration Guide 678 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 704: ...Index FortiGate Version 4 0 Administration Guide 704 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 705: ...www fortinet com...
Страница 706: ...www fortinet com...