Advanced configuration Antivirus options
FortiGate Version 4.0 Desktop Install Guide
01-400-95522-20090501 31
http://docs.fortinet.com/ • Feedback
Configuring firewall policies
To add or edit a firewall policy go to Firewall > Policy and select Edit on an existing policy,
or select Create New to add a policy.
The Source Interface/Zone and Destination Interface/Zone match the firewall policy with
the source and destination of a communication session. The Address Name matches the
source and destination address of the communication session.
Schedule defines when the firewall policy is enabled. While most policies are always on,
you can configure a firewall policy so that it is only on at specific times of the day. For
example, you may want to block news and entertainment sites most of the day, except
during lunch or after work, enabling your employees to view those sites only during
non-working times.
Service matches the firewall policy with the service used by a communication session.
This enables you to configure a policy for general web surfing and a different policy
specifically for other traffic such as SMTP mail or FTP uploads and downloads.
Action defines how the Fortinet unit processes traffic. Specify an action to accept or deny
traffic or configure a firewall encryption policy.
•Add ACCEPT policies that accept communication sessions. Using an accept policy,
you can apply Fortinet features such as virus scanning and authentication to the
communication session accepted by the policy.
•Add DENY policies to deny communication sessions.
•Add IPSec encryption policies to enable IPSec tunnel mode VPN traffic and SSL VPN
encryption policies to enable SSL VPN traffic. Firewall encryption policies determine
which types of IP traffic will be permitted during an IPSec or SSL VPN session.
Select Protection Profile to include apply a protection profile to the firewall policy for
scanning of traffic passing through the Fortinet unit.
For details on the firewall policies features and settings, see the FortiGate Administration
Guide or the Fortinet Online Help.
Antivirus options
The Fortinet unit’s antivirus configuration prevents malicious files from entering and
infecting your network environment.
The Fortinet unit uses a number of processes to scan files to ensure unwanted files and
potential attackers do not get through. The Fortinet unit scans using these antivirus
options:
• File pattern - The Fortinet will check the file against the file pattern setting you have
configured. You can set which file names or file types the Fortinet unit looks for in the
incoming traffic.
• Virus scan - The virus definitions are kept up to date through the FortiNet Distribution
Network. The list is updated on a regular basis so you do not have to wait for a
firmware upgrade. Note that you must register the Fortinet unit to and purchase
FortiGuard services to use virus scanning through the FDN.
Note: On the FortiGate-110C and lower, default firewall policies are in place to enable the
flow of traffic right out of the box.
To Next Page
Loading...
Need help?
General