Fortinet FortiGate Series Administration Manual page 491

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/

Firewall Protection Profile
Configuring a protection profile

Pass Fragmented Emails: Select to allow fragmented email for mail protocols (IMAP, POP3, and SMTP as well as IMAPS, POP3S, and SMTPS if SSL content scanning and inspection is supported). Fragmented email messages cannot be scanned for viruses.

Comfort Clients: Select client comforting for the HTTP, FTP, and HTTPS protocols. See "HTTP and FTP client comforting" on page 491.

Interval: The time in seconds before client comforting starts sending data after the download has begun, and also the time interval between sending subsequent data.

Amount: The number of bytes sent at each interval.

Oversized File/Email: Select Block or Pass for files and email messages exceeding configured thresholds for each protocol. For email scanning, the oversize threshold refers to the final size of the email, including attachments, after encoding by the email client. Email clients can use a variety of encoding types; some result in larger file sizes than the original attachment. The most common encoding, base64, translates 3 bytes of binary data into 4 bytes of base64 data. As a result, a file may be blocked or logged as oversized even if the attachment is several megabytes smaller than the configured oversize threshold.

Threshold: If the file is larger than the threshold value in megabytes, the file is passed or blocked. The maximum threshold for scanning in memory is 10% of the FortiGate unit's RAM.

Allow Invalid Server Certificate: If your FortiGate unit supports SSL content scanning and inspection, you can allow HTTPS, IMAPS, POP3S, and SMTPS sessions that include an invalid server certificate. If these options are not selected, HTTPS, IMAPS, POP3S, and SMTPS with invalid server certificates are blocked. Use this feature to validate server certificates.

Quarantine Virus Sender (to Banned Users List): Select Enabled to quarantine or ban either the IP address of the sender of the virus or the FortiGate interface that received the virus. The sender's IP address or the interface that received the virus is added to the banned users list. For more information about the banned user list including how to manage the duration of items and how to remove them manually, see "NAC quarantine and the Banned User list" on page 678.

Method: If a virus is found, select the method used to quarantine the virus sender. You can select Source IP Address to add the sender's source IP address to the banned users list, or you can select Virus's Incoming Interface to add the interface that received the virus to the banned user list.

Expires: Select Indefinite to permanently quarantine virus senders. Only a FortiGate administrator can remove them from the banned users list. Or, configure how long the virus sender remains on the banned user list in minutes, hours, or days. A FortiGate administrator can manually remove a virus sender from the banned user list before the expiry time.

Add signature to outgoing emails: Create and enable a signature to append to outgoing SMTP email messages. The signature will also be appended to outgoing SMTPS email messages if your FortiGate unit supports SSL content scanning and inspection.

HTTP and FTP client comforting

In general, client comforting provides a visual display of progress for web page loading or HTTP or FTP file downloads. Client comforting does this by sending the first few packets of the file or web page being downloaded to the client at configured time intervals so that the client is not aware that the download has been delayed. The client is the web browser or FTP client. Without client comforting, clients and their users have no indication that the download has started until the FortiGate unit has completely buffered and scanned the download. During this delay users may cancel or repeatedly retry the transfer, thinking it has failed.
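The Oversized File/Email and Threshold descriptions on this page note that base64 encoding makes an email larger than its attachment. The following Python sketch is an added example, not part of the Fortinet guide: it builds a constructed message with the standard email library and finds the largest raw attachment that stays under a given threshold. The function names, the sample addresses, and the assumptions that 1 MB is 1024 * 1024 bytes and that the threshold applies to the SMTP wire size are illustrative.

```python
from email.message import EmailMessage
from email.policy import SMTP

MB = 1024 * 1024  # assumption: the threshold's megabyte is 1024 * 1024 bytes


def wire_size(attachment_len: int) -> int:
    """Size in bytes of a constructed one-attachment message as sent over SMTP."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"        # constructed sample addresses
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    # Binary content is base64-encoded by the email library (3 bytes -> 4 chars),
    # wrapped at 76 characters per line, each line ending in CRLF on the wire.
    msg.add_attachment(bytes(attachment_len), maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return len(msg.as_bytes(policy=SMTP))


def is_oversized(attachment_len: int, threshold_mb: float) -> bool:
    """True when the encoded email is larger than the threshold value."""
    return wire_size(attachment_len) > threshold_mb * MB


def largest_passing_attachment(threshold_mb: float) -> int:
    """Binary-search the largest raw attachment that is not treated as oversized."""
    lo, hi = 0, int(threshold_mb * MB)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if is_oversized(mid, threshold_mb):
            hi = mid - 1
        else:
            lo = mid
    return lo


if __name__ == "__main__":
    limit = largest_passing_attachment(1)
    print(f"1 MB threshold: largest passing attachment is {limit} bytes "
          f"({limit / MB:.2f} MB), expansion {wire_size(limit) / limit:.3f}x")
```

Because line breaks and MIME headers are added on top of the 4:3 base64 ratio, the measured expansion is higher than 1.33, so size user-facing attachment limits from the measured figure rather than from the ratio alone.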
