File Quarantine AntiVirus
FortiGate Version 4.0 MR1 Administration Guide
524 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Figure 305: New file filter
To add a file pattern or type go to UTM > AntiVirus > File Filter. Select the Edit icon for a
file filter catalog. Select Create New.
File Quarantine
FortiGate units with a local disk, or FortiGate unit with a single width AMC slot containing a
FortiGate-ASM-S08 module, or a FortiGate-ASM-SAS module can quarantine blocked
and infected files. View the file name and status information about the file in the
Quarantined Files list. Submit specific files and add file patterns to the AutoSubmit list so
they will automatically be uploaded to Fortinet for analysis.
FortiGate units can also quarantine blocked and infected files to a FortiAnalyzer unit. Files
stored on the FortiAnalyzer unit can also be viewed from the Quarantined Files list. To
configure quarantine to a FortiAnalyzer unit, go to Log & Report > Log Config > Log
Setting.
To configure and enable file quarantine
1 Go to UTM > AntiVirus > Config to configure the quarantine service and destination.
For details, see “Configuring quarantine options” on page 525.
2 Go to Firewall > Protection Profile > Antivirus to enable quarantine for required
protocols in the protection profiles. For details, see “Configuring a protection profile” on
page 486.
You can configure a protection profile to quarantine blocked and infected files from
HTTP, FTP, IMAP, POP3, SMTP, IM, and NNTP Traffic. If your FortiGate unit supports
SSL content scanning and inspection you can also quarantine blocked and infected
files from HTTPS, IMAPS, POP3S, and SMTPS traffic. To enable HTTPS quarantine
you must set HTTPS Content Filtering Mode to Deep Scan in the Protocol Recognition
part of the protection profile. For more information, see “SSL content scanning and
inspection” on page 481.
3 Go to Firewall > Policy and add the protection profile to a firewall policy.
Filter Type Select File Name Pattern if you want to add a file pattern; select File Type and then
select a file type from the supported file type list.
Pattern Enter the file pattern. The file pattern can be an exact file name or can include
wildcards. The file pattern can be 80 characters long.
File Type Select a file type from the list. For information about supported file types, see “Built-
in patterns and supported file types” on page 521.
Action Select an action from the drop down list: Block, Allow, or Intercept. For more
information about actions, see “File Filter” on page 521.
Enable Select to enable the pattern.
To Next Page
Loading...
Need help?
General