Default Content Profiles; Adding Content Profiles - Fortinet FortiGate FortiGate-800 Installation And Configuration Manual

Firewall configuration

Default content profiles

Adding content profiles

FortiGate-800 Installation and Configuration Guide
The FortiGate unit has the following four default content profiles that are displayed on
the Firewall Content Profile page. You can use the default content profiles or create
your own.
Strict To apply maximum content protection to HTTP, FTP, IMAP, POP3, and
SMTP content traffic. You would not use the strict content profile under
normal circumstances but it is available if you have extreme problems with
viruses and require maximum content screening protection.
Scan To apply antivirus scanning to HTTP, FTP, IMAP, POP3, and SMTP content
traffic. Quarantine is also selected for all content services. On FortiGate
models with a hard disk, if antivirus scanning finds a virus in a file, the file is
quarantined on the FortiGate hard disk. If required, system administrators
can recover quarantined files.
Web To apply antivirus scanning and web content blocking to HTTP content
traffic. You can add this content profile to firewall policies that control HTTP
traffic.
Unfiltered Use if you do not want to apply content protection to content traffic. You can
add this content profile to firewall policies for connections between highly
trusted or highly secure networks where content does not need to be
protected.
If the default content profiles do not provide the protection that you require, you can
create custom content profiles.
To add a content profile
1 Go to Firewall > Content Profile.
2 Select New.
3 Type a Profile Name.
4 Enable the antivirus protection options that you want.
Anti Virus Scan
File Block
Quarantine
Note: If both Anti Virus Scan and File Block are enabled, the FortiGate unit blocks files that
match enabled file patterns before they are scanned for viruses.
5 Enable the web filtering options that you want.
Web URL Block
Scan web, FTP, and email traffic for viruses and worms. See
scanning" on page 280.
Delete files with blocked file patterns even if they do not contain
viruses. Enable file blocking when a virus has been found that is so
new that virus scanning does not detect it. See
page 281.
Quarantine blocked and infected files according to the quarantine
configuration.
Block unwanted web pages and web sites. This option adds
FortiGate Web URL blocking (see
blocking" on page 293), FortiGate Web Pattern blocking (see
"Configuring FortiGate Web pattern blocking" on page
Cerberian URL filtering (see
page 296) to HTTP traffic accepted by a policy.
"File blocking" on
"Configuring FortiGate Web URL
"Configuring Cerberian URL filtering" on
Content profiles
"Antivirus
296), and
219