Configuring Ssl Content Scanning And Inspection - Fortinet FortiGate Series Administration Manual
Hide thumbs
Also See for FortiGate Series:
- Administration manual (60 pages) ,
- Install manual (51 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
SSL content scanning and inspection
Configuring SSL content scanning and inspection
484
config firewall ssl setting
set caname Example_CA
end
The Example_CA signing CA certificate will now be used by SSL content scanning and
inspection for establishing encrypted SSL sessions.
If SSL content scanning and inspection is available on your FortiGate unit, you can
configure the following SSL content scanning and inspection settings:
Predefined firewall
The IMAPS, POP3S and SMTPS predefined services. You can select
these services in a firewall policy and a DoS policy. For more information,
services
see
Protocol Recognition
The TCP port numbers that the FortiGate unit inspects for HTTPS, IMAPS,
POP3S, and SMTPS. Go to Firewall > Protection Profile. Add or edit a
protection profile and configure Protocol Recognition for HTTPS, IMAPS,
POP3S, and SMTPS.
Using protocol recognition you can also configure the FortiGate unit to just
perform URL filtering of HTTPS or to use SSL content scanning and
inspection to decrypt HTTPS so that the FortiGate unit can also apply
Antivirus and DLP content inspection and DLP archiving to HTTPS. Using
SSL content scanning and inspection to decrypt HTTPS also allows you to
apply more web filtering and FortiGuard Web Filtering options to HTTPS.
For more information, see
Antivirus
Antivirus options including virus scanning, file filtering, and client
comforting for HTTPS, IMAPS, POP3S, and SMTPS.
Go to Firewall > Protection Profile. Add or edit a protection profile and
configure Anti-Virus for HTTPS, IMAPS, POP3S, and SMTPS. For more
information, see
Antivirus quarantine
Antivirus quarantine options to quarantine files in HTTPS, IMAPS, POP3S,
and SMTPS sessions.
Go to UTM > AntiVirus > Config. You can quarantine infected files,
suspicious files, and blocked files found in IMAPS, POP3S, and SMTPS
sessions. You can also quarantine infected files and suspicious files found
in HTTPS sessions. For more information, see
options" on page
Web Filtering
Web filtering options for HTTPS:
•
•
•
•
•
•
•
•
•
Go to Firewall > Protection Profile. Add or edit a protection profile and
configure Web Filtering for HTTPS. For more information, see
Filtering options" on page
Table 46, "Predefined services," on page
"Protocol recognition options" on page
"Anti-Virus options" on page
525.
Web Content Filter
Web Content Exempt
Web URL Filter
ActiveX Filter
Cookie Filter
Java Applet Filter
Web Resume Download Block
Block invalid URLs
HTTP POST Action
493.
FortiGate Version 4.0 MR1 Administration Guide
Firewall Protection Profile
428.
487.
489.
"Configuring quarantine
"Web
01-410-89802-20090903
http://docs.fortinet.com/
•
Feedback
Advertisement
Table of Contents
