Fortinet 50A/50B Benutzerhandbuch
FortiGate-50A/50B, FortiWiFi-50B and FortiGate-100 FortiOS 3.0 MR4 Install Guide
30
01-30004-0265-20070831
Factory defaults
Table 10: Factory default firewall configuration
The factory default firewall configuration is the same in NAT/Route mode and
Transparent mode.
Transparent mode.
Factory default protection profiles
Use protection profiles to apply different protection settings for traffic controlled by
firewall policies. You can use protection profiles to:
firewall policies. You can use protection profiles to:
• configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP firewall
policies
• configure Web filtering for HTTP firewall policies
• configure Web category filtering for HTTP firewall policies
• configure spam filtering for IMAP, POP3, and SMTP firewall policies
• enable the Intrusion Protection System (IPS) for all services
• enable content logging for HTTP, FTP, IMAP, POP3, and SMTP firewall
• configure Web category filtering for HTTP firewall policies
• configure spam filtering for IMAP, POP3, and SMTP firewall policies
• enable the Intrusion Protection System (IPS) for all services
• enable content logging for HTTP, FTP, IMAP, POP3, and SMTP firewall
policies
By using protection profiles, you can build protection configurations that can be
applied to different types of firewall policies. This allows you to customize types
and levels of protection for different firewall policies.
applied to different types of firewall policies. This allows you to customize types
and levels of protection for different firewall policies.
For example, while traffic between internal and external addresses might need
strict protection, traffic between trusted internal addresses might need moderate
protection. You can configure firewall policies for different traffic services to use
the same or different protection profiles.
strict protection, traffic between trusted internal addresses might need moderate
protection. You can configure firewall policies for different traffic services to use
the same or different protection profiles.
You can add Protection profiles to NAT/Route mode and Transparent mode
firewall policies. The FortiGate unit includes four protection profiles.
firewall policies. The FortiGate unit includes four protection profiles.
Configuration setting Name
Description
Firewall policy
Internal -> External Source: All Destination: All
Firewall address
All
Firewall address matches the source or
destination address of any packet.
Pre-defined service
More than 50
predefined services
Select from any of the 50 pre-defined
services to control traffic through the
FortiGate unit that uses that service.
Recurring schedule
Always
The recurring schedule is valid at any
time.
Protection Profiles
Strict, Scan, Web,
Unfiltered
Control how the FortiGate unit applies
virus scanning, web content filtering, spam
filtering, and IPS.
Strict
To apply maximum protection to HTTP, FTP, IMAP, POP3, and SMTP
traffic. You may not use the strict protection profile under normal
circumstances but it is available if you have problems with viruses and
require maximum screening.
Scan
To apply antivirus scanning and file quarantining to HTTP, FTP, IMAP,
POP3, and SMTP content traffic.
Web
To apply antivirus scanning and web content blocking to HTTP content
traffic. You can add this protection profile to firewall policies that control
HTTP traffic.
Unfiltered
To apply no scanning, blocking or IPS. Use if you do not want to apply
content protection to content traffic. You can add this protection profile to
firewall policies for connections between highly trusted or highly secure
networks where content does not need to be protected.