Fortinet FortiGate Series Administration Manual page 526

File Quarantine
526
You can configure quarantine options for HTTP, FTP, IMAP, POP3, SMTP, IM, and NNTP
Traffic. If your FortiGate unit supports SSL content scanning and inspection you can also
quarantine blocked and infected files from HTTPS, IMAPS, POP3S, and SMTPS traffic.
To enable HTTPS quarantine you must set HTTPS Content Filtering Mode to Deep Scan
in the Protocol Recognition part of the protection profile. For more information, see
content scanning and inspection" on page
Figure 308: Quarantine Configuration (quarantine to FortiAnalyzer unit)
Figure 309: Quarantine Configuration (SSL content scanning and inspection and quarantine
to disk)
Quarantine configuration has the following options:
Options Quarantine Infected Files: Select the protocols from which to quarantine infected
files identified by antivirus scanning.
Quarantine Suspicious Files: Select the protocols from which to quarantine
suspicious files identified by heuristic scanning.
Quarantine Blocked Files. Select the protocols from which to quarantine blocked
files identified by antivirus file filtering. The Quarantine Blocked Files option is not
available for IM and HTTPS because a file name is blocked before downloading
and cannot be quarantined.
Age limit The time limit in hours for which to keep files in quarantine. The age limit is used
to formulate the value in the TTL column of the quarantined files list. When the
limit is reached, the TTL column displays EXP. and the file is deleted (although the
entry in the quarantined files list is maintained). Entering an age limit of 0 (zero)
means files are stored on disk indefinitely, depending on low disk space action.
481.
FortiGate Version 4.0 MR1 Administration Guide
http://docs.fortinet.com/
AntiVirus
"SSL
01-410-89802-20090903
• Feedback