Firewall Protection Profile Configuring a protection profile
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 495
http://docs.fortinet.com/ • Feedback
Blocked pages are replaced with a message indicating that the page is not accessible
according to the Internet usage policy. To configure replacement messages, go to
System > Config > Replacement Messages.
For more information on web filter configuration options, see “Web Filter” on page 549.
For details on how web URL filter lists are used with HTTP and HTTPS URLs, see “URL
formats” on page 558.
Character sets and Web content filtering, Email filtering banned word,
and DLP scanning
The FortiGate unit converts HTTP, HTTPS, and email content to the UTF-8 character set
before applying email filtering banned word checking, web filtering and DLP content
scanning as specified in the protection profile.
For email messages, while parsing the MIME content, the FortiGate unit converts the
content to UTF-8 encoding according to the email message charset field before applying
Email filtering banned word checking and DLP scanning.
For HTTP get pages, the FortiGate unit converts the content to UTF-8 encoding according
to the character set specified for the page before applying web content filtering and DLP
scanning.
For HTTP post pages, because character sets are not always accurately indicated in
HTTP posts, you can use the following CLI command to specify up to five character set
encodings.
config firewall profile
    edit <profile_name>
        set http-post-lang <charset1> [<charset2> ... <charset5>]
end
The FortiGate unit performs a forced conversion of HTTP post pages to UTF-8 for each
specified character set. After each conversion the FortiGate unit applies web content
filtering and DLP scanning to the content of the converted page.
To view the list of available character sets, enter set http-post-lang ? from within
the edit shell for the protection profile. Separate multiple character set names with a
space. You can add up to 5 character set names.
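The following Python sketch is an added illustration, not FortiGate code and not part of the original guide. It models the forced conversion described above: a POST body with no declared character set is decoded once per configured character set, and each UTF-8 result is scanned, so every extra character set adds one more decode and scan pass. The function name, banned word and sample POST body are constructed for the example.

```python
# Simplified model of forced charset conversion for HTTP POST scanning.
# Assumption: plain substring matching stands in for the real filter engine.
MAX_CHARSETS = 5  # the guide allows up to five http-post-lang character sets


def scan_post_body(body, charsets, banned_words):
    """Decode body once per configured charset and scan each UTF-8 view.

    Returns a list of (charset, banned_word) pairs, one per hit.
    """
    if len(charsets) > MAX_CHARSETS:
        raise ValueError("at most five character sets can be configured")
    hits = []
    for charset in charsets:
        # Forced conversion: bytes that are invalid in this charset become
        # U+FFFD instead of aborting the scan.
        text = body.decode(charset, errors="replace")
        utf8_view = text.encode("utf-8")
        # One full scan pass per charset; this is the performance cost.
        for word in banned_words:
            if word.encode("utf-8") in utf8_view:
                hits.append((charset, word))
    return hits


# Constructed sample: the banned word is U+6A5F U+5BC6 ("confidential" in
# Japanese), posted as Shift_JIS bytes with no charset indicated.
BANNED = ["\u6a5f\u5bc6"]
POST_BODY = b"comment=" + "\u6a5f\u5bc6".encode("shift_jis")

if __name__ == "__main__":
    # Scanning only a UTF-8 view misses the word.
    print(scan_post_body(POST_BODY, ["utf-8"], BANNED))
    # Adding the right charset to the list finds it, at the cost of
    # three decode-and-scan passes instead of one.
    print(scan_post_body(POST_BODY, ["utf-8", "gb2312", "shift_jis"], BANNED))
```
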
FortiGuard Web Filtering options
You can enable and apply FortiGuard Web Filtering options using a protection profile.
HTTP POST Action    Select the action to take with HTTP POST traffic.
    Normal          Do not affect HTTP POST traffic.
    Block           Block HTTP POST requests. When a POST request is blocked, the
                    FortiGate unit sends a web page to the user’s web browser instead of
                    the requested POST page. You can configure the content of this web
                    page by going to System > Config > Replacement Message and
                    customizing the HTTP > POST message.
    Comfort         Use the comfort amount and interval settings to send “comfort” bytes
                    to the server in case the client connection is too slow. Select this
                    option to prevent a server timeout when scanning or another filtering
                    tool is turned on.
Caution: Specifying multiple character sets reduces web filtering and DLP performance.