Anti-Virus Options - Fortinet FortiGate Series Administration Manual

Firewall Protection Profile

Anti-Virus options

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
HTTPS Content Filtering Mode If your FortiGate unit supports SSL content scanning and
URL Filtering
Deep Scan (Decryption on
SSL Traffic)
Protocol
Monitored Ports
Edit icon
Inspect All Ports
Specify Ports
You can apply antivirus options through a protection profile for the HTTP, SMTP, POP3,
IMAP, NNTP, and content protocols.
If your FortiGate unit includes SSL content inspection and filtering, you can also apply
antivirus scanning options through a protection profile for HTTPS, IMAPS, POP3S, and
SMTPS content protocols. For more information, see
inspection" on page 481.
Note: You cannot select Anti-Virus options for HTTPS if under protocol recognition HTTPS
Content Filtering Mode is set to URL Filtering. For more information, see
recognition options" on page
To configure antivirus options, go to Firewall > Protection Profile. Select Create New to
add a protection profile, or the Edit icon beside an existing protection profile. Then select
the Expand Arrow beside Anti-Virus, enter the information as described below, and select
OK. For more antivirus configuration options, see
inspection, you can select the content filtering mode used for
HTTPS traffic. The mode can be:
This option limits HTTPS content filtering to URL filtering only. If
you select this option the FortiGate unit does not perform SSL
content scanning and inspection of HTTPS traffic. Instead the
FortiGate unit just applies web filtering to HTTPS URLs. Also, if
you select URL Filtering, you cannot select any Anti-Virus options
for HTTPS. Under Web Filtering you can select only Web URL
Filter and Block invalid URLs for HTTPS. Selecting URL Filtering
also limits the FortiGuard Web Filtering options that you can
select for HTTPS.
Select this option to apply full SSL content scanning and
inspection of HTTPS traffic.
The names of the content protocols that you can configure
recognition for: HTTP, HTTPS, SMTP, POP3, IMAP, NNTP, and
FTP.
If your FortiGate unit supports SSL content scanning and
inspection the content protocols also include SMTPS, POP3S,
and IMAPS.
The port numbers that the protection profile monitors for each
content protocol. You can select multiple port numbers to monitor
for each content protocol. For HTTP, SMTP, POP3, IMAP, NNTP,
and FTP you can also select Inspect All Ports to monitor all ports
for these content protocols. Monitoring all ports means the
protection profile uses protocol recognition techniques to
determine the protocol of a communication session independent
of the port number that the session uses.
Select Edit for a content protocol to configure how the protection
profile monitors traffic for that content protocol. Select one of the
following options:
Select to monitor all ports for the content protocol. This option is
available for HTTP, SMTP, POP3, IMAP, NNTP, and FTP.
Select this option and then enter the port numbers to monitor for
the content protocol. You can specify up to 20 ports for each
content protocol.
"SSL content scanning and
487.
"AntiVirus" on page
Configuring a protection profile
"Protocol
517.
489