SSL content scanning and inspection Firewall Protection Profile
FortiGate Version 4.0 MR1 Administration Guide
484 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
config firewall ssl setting
set caname Example_CA
end
The Example_CA signing CA certificate will now be used by SSL content scanning and
inspection for establishing encrypted SSL sessions.
Configuring SSL content scanning and inspection
If SSL content scanning and inspection is available on your FortiGate unit, you can
configure the following SSL content scanning and inspection settings:
Predefined firewall
services
The IMAPS, POP3S and SMTPS predefined services. You can select
these services in a firewall policy and a DoS policy. For more information,
see Table 46, “Predefined services,” on page 428.
Protocol Recognition The TCP port numbers that the FortiGate unit inspects for HTTPS, IMAPS,
POP3S, and SMTPS. Go to Firewall > Protection Profile. Add or edit a
protection profile and configure Protocol Recognition for HTTPS, IMAPS,
POP3S, and SMTPS.
Using protocol recognition you can also configure the FortiGate unit to just
perform URL filtering of HTTPS or to use SSL content scanning and
inspection to decrypt HTTPS so that the FortiGate unit can also apply
Antivirus and DLP content inspection and DLP archiving to HTTPS. Using
SSL content scanning and inspection to decrypt HTTPS also allows you to
apply more web filtering and FortiGuard Web Filtering options to HTTPS.
For more information, see “Protocol recognition options” on page 487.
Antivirus Antivirus options including virus scanning, file filtering, and client
comforting for HTTPS, IMAPS, POP3S, and SMTPS.
Go to Firewall > Protection Profile. Add or edit a protection profile and
configure Anti-Virus for HTTPS, IMAPS, POP3S, and SMTPS. For more
information, see “Anti-Virus options” on page 489.
Antivirus quarantine Antivirus quarantine options to quarantine files in HTTPS, IMAPS, POP3S,
and SMTPS sessions.
Go to UTM > AntiVirus > Config. You can quarantine infected files,
suspicious files, and blocked files found in IMAPS, POP3S, and SMTPS
sessions. You can also quarantine infected files and suspicious files found
in HTTPS sessions. For more information, see “Configuring quarantine
options” on page 525.
Web Filtering Web filtering options for HTTPS:
• Web Content Filter
• Web Content Exempt
• Web URL Filter
• ActiveX Filter
• Cookie Filter
• Java Applet Filter
• Web Resume Download Block
• Block invalid URLs
• HTTP POST Action
Go to Firewall > Protection Profile. Add or edit a protection profile and
configure Web Filtering for HTTPS. For more information, see “Web
Filtering options” on page 493.
To Next Page
Loading...
Need help?
General