Fortinet FORTIGATE-50B Instrução De Instalação
Advanced configuration
Antivirus options
FortiGate-50B FortiOS 3.0 MR6 Install Guide
01-30006-0444-20080131
01-30006-0444-20080131
31
Configuring firewall policies
To add or edit a firewall policy go to Firewall > Policy and select Edit on an
existing policy, or select Create New to add a policy.
existing policy, or select Create New to add a policy.
The source and destination Interface/Zone match the firewall policy with the
source and destination of a communication session. The Address Name matches
the source and destination address of the communication session.
source and destination of a communication session. The Address Name matches
the source and destination address of the communication session.
Schedule defines when the firewall policy is enabled. While most policies are
always on, you can configure a firewall policy so that it is only on at specific times
of the day. For example, you may want to block news and entertainment sites
most of the day, except during lunch or after work, enabling your employees to
only view those sites during non-working times.
always on, you can configure a firewall policy so that it is only on at specific times
of the day. For example, you may want to block news and entertainment sites
most of the day, except during lunch or after work, enabling your employees to
only view those sites during non-working times.
Service matches the firewall policy with the service used by a communication
session. This enables you to configure a policy for general web surfing and a
different policy specifically for other traffic such as SMTP mail or FTP uploads and
downloads.
session. This enables you to configure a policy for general web surfing and a
different policy specifically for other traffic such as SMTP mail or FTP uploads and
downloads.
Action defines how the FortiGate unit processes traffic. Specify an action to
accept or deny traffic or configure a firewall encryption policy.
accept or deny traffic or configure a firewall encryption policy.
• Add ACCEPT policies that accept communication sessions. Using an accept
policy, you can apply FortiGate features such as virus scanning and
authentication to the communication session accepted by the policy.
authentication to the communication session accepted by the policy.
• Add DENY policies to deny communication sessions.
• Add IPSec encryption policies to enable IPSec tunnel mode VPN traffic and
• Add IPSec encryption policies to enable IPSec tunnel mode VPN traffic and
SSL VPN encryption policies to enable SSL VPN traffic. Firewall encryption
policies determine which types of IP traffic will be permitted during an IPSec or
SSL VPN session.
policies determine which types of IP traffic will be permitted during an IPSec or
SSL VPN session.
Select Protection Profile to include apply a protection profile to the firewall policy
for scanning of traffic passing through the FortiGate unit.
for scanning of traffic passing through the FortiGate unit.
For details on the firewall policies features and settings, see the FortiGate
Administration Guide or the FortiGate Online Help.
Administration Guide or the FortiGate Online Help.
Antivirus options
The FortiGate unit’s antivirus configuration prevents malicious files from entering
and infecting your network environment.
and infecting your network environment.
The FortiGate unit uses a number of processes to scan files to ensure unwanted
files and potential attackers do not get through. The FortiGate unit scans using
these antivirus options:
files and potential attackers do not get through. The FortiGate unit scans using
these antivirus options:
• File pattern - The FortiGate will check the file against the file pattern setting
you have configured. You can set which file names or file types the FortiGate
unit looks for in the incoming traffic.
unit looks for in the incoming traffic.
• Virus scan - The virus definitions are kept up to date through the FortiNet
Distribution Network. The list is updated on a regular basis so you do not have
to wait for a firmware upgrade. Note that you must register the FortiGate unit to
and purchase FortiGuard services to use virus scanning through the FDN.
to wait for a firmware upgrade. Note that you must register the FortiGate unit to
and purchase FortiGuard services to use virus scanning through the FDN.