Fortinet FortiGate FortiGate-1000A Administration Manual page 246
Fortinet fortigate fortigate-1000a: user guide
Hide thumbs
Also See for FortiGate FortiGate-1000A:
- Install manual (58 pages) ,
- Quick start manual (2 pages) ,
- Administration manual (458 pages)
Table of Contents
Advertisement
Protection profile
246
firewall profile command keywords and variables
Keywords and
variables
ftp
{block
content-archive
no-content-summary
oversize
quarantine scan
splice}
http
{bannedword block
catblock
chunkedbypass
content-archive
no-content-summary
oversize
quarantine
rangeblock scan
scriptfilter
urlblock
urlexempt}
01-28011-0254-20051115
Description
Select the actions that this profile will
use for filtering FTP traffic for a policy.
• Enter splice to enable streaming
mode for FTP. When operating in
streaming mode, the FortiGate unit
simultaneously buffers a file for
scanning and uploads the file to an
FTP server. If a virus is detected, the
FortiGate unit stops the upload,
attempts to delete the partial file from
the FTP server, and displays a
replacement message for the user.
To delete the file successfully, the
server permissions must be set to
allow deletes. When downloading
files from an FTP server the
FortiGate unit sends 1 byte every 30
seconds to prevent the client from
timing out during scanning and
download. If a virus is detected, the
FortiGate unit stops the download
and displays a replacement
message for the user. The user must
then delete the partially downloaded
file. This partial file is harmless.
Enabling streaming mode reduces
timeouts when uploading and
downloading large files. When
streaming mode is disabled for ftp,
the FortiGate unit buffers the file for
scanning before uploading it to the
FTP server. If the file is clean, the
FortiGate unit allows the upload or
download to continue.
Enter all the actions you want this
profile to use. Use a space to separate
the options you enter. If you want to
remove an option from the list or add
an option to the list, you must retype
the list with the option removed or
added.
Select the actions that this profile will
use for filtering HTTP traffic for a
policy.
• Enter chunkedbypass to allow web
sites that use chunked encoding for
HTTP to bypass the firewall.
Chunked encoding means the HTTP
message body is altered to allow it to
be transferred in a series of chunks.
Use this feature at your own risk.
Malicious content could enter your
network if you allow web content to
bypass the firewall.
Enter all the actions you want this
profile to use. Use a space to separate
the options you enter. If you want to
remove an option from the list or add
an option to the list, you must retype
the list with the option removed or
added.
Firewall
Default
Availability
All models.
splice
No default. All models.
Fortinet Inc.
Advertisement
Table of Contents
