Configuring a protection profile Firewall Protection Profile
FortiGate Version 4.0 MR1 Administration Guide
502 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
You can also use protection profile DLP settings to:
• display DLP archive meta-information on the Log and Archive Statistics system
dashboard widget
• archive spam email (requires a FortiAnalyzer unit or the FortiGuard Analysis and
Management Service).
To configure DLP sensor options, go to Firewall > Protection Profile. Select Create New to
add a protection profile, or the Edit icon beside an existing protection profile. Then select
the Expand Arrow beside Data Leak Prevention Sensor. Select a DLP sensor, enter the
information as described below, and select OK.
For information about DLP, see “Data Leak Prevention” on page 583.
For information about character sets and DLP scanning, see “Character sets and Web
content filtering, Email filtering banned word, and DLP scanning” on page 495.
Figure 288: Data Leak Prevention Sensor options
Figure 289: Data Leak Prevention Sensor options (SSL content scanning inspection and
FortiAnalyzer unit configured)
Application Control options
You can apply application control options through a protection profile.
For more information about application control, see “Application Control” on page 603.
To configure application control options, go to Firewall > Protection Profile. Select Create
New to add a protection profile, or the Edit icon beside an existing protection profile. Then
select the Expand Arrow beside Application Control and select the application control
black/white list to add to the protection profile.
Data Leak
Prevention
Sensor
Select the check box and then specify the DLP sensor to add to the protection
profile. For more information, see “Adding and configuring a DLP sensor” on
page 584.
Display DLP
meta-
information on
the system
dashboard
For each protocol, select whether or not to display DLP archiving data in the
dashboard Log and Archive Statistics widget. You can select HTTP, HTTPS,
FTP, IMAP, POP3, and SMTP.
If your FortiGate unit supports SSL content scanning and inspection you can also
select IMAPS, POP3S, and SMTPS.
For more information about the Log and Archive Statistics widget, see “Log and
Archive Statistics” on page 117.
Archive
SPAMed emails
to
FortiAnalyzer/
FortiGuard
For each email protocol, select to archive email messages identified as spam by
FortiGate Email filtering or by FortiGuard Antispam. You must configure the
FortiGate unit to log to a FortiAnalyzer unit or enable the FortiGuard Analysis and
Management Service. For more information, see “Configuring spam email
message archiving” on page 593.
To Next Page
Loading...
Need help?
General