FortiGate Basic UTM Configuration

If you are new to configuring a FortiGate, here are some basics to help you get started with implementing the Unified Threat Management (UTM) features.  The following was created using FortiOS 4.0 MR3 Patch 9 (4MR3 Patch9); menu names and CLI keywords differ in other releases.

Basic

The key UTM features to implement are: AntiVirus, Web Filter, Application Control and IPS.

1 AntiVirus

The default AntiVirus settings are sufficient and do not need to be changed.  The default profile still has to be selected on each policy (see section 5); a policy with no AV profile scans nothing.

2 Web Filter

Create a new profile and name it Q-Web-Filter.  Select Proxy as the inspection mode, check Log all URLs and check FortiGuard Categories.  Under Categories, check the Security Risk group, choose Block from its action drop-down, then click Apply.

This Web Filter configuration can cause “Invalid Certificate” error messages on some workstations and mobile devices when an HTTPS request is rated and blocked, because the block page is served with the FortiGate's own certificate, which the client does not trust.  Add the following from the console (command line) to bypass FortiGuard rating of HTTPS CONNECT requests.  Note the trade-off: requests that are bypassed this way are no longer category-filtered, so a Security Risk site reached over HTTPS is not blocked by this profile.

config webfilter profile
edit Q-Web-Filter
config ftgd-wf
set options connect-request-bypass
end
next
end

3 Application Control

Create a new Application Sensor and name it Q-App-Sensor.  In Q-App-Sensor click Create New, choose Botnet from the Category drop-down and set the Action to Block.

4 Intrusion Sensor

Create a new IPS Sensor and name it Q-IPS-Sensor.  In Q-IPS-Sensor click Create New and add a filter with the following settings:

Severity: select High and Critical
Target: select Client (server-side signatures are left out here because of a problem with the HTTP URI overload signature when Server is selected)
OS: select Windows and MacOS
Keep the remaining defaults, except at the bottom enable Quarantine Attackers to Banned Users List with:
Method: Attacker IP Address
Expires: 5 Minutes

Five minutes is short enough that a false positive only briefly locks out a legitimate client; lengthen it once you have reviewed the Banned User list for a few days and are confident in the signature set.

5 Apply Filters

These four profiles must be applied, with UTM enabled, on every general outbound traffic policy.  Any outbound policy that is missing them passes traffic uninspected, so check each policy rather than only the first one.
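As an added example (not part of the original post), here is the whole procedure from sections 2 through 5 as one FortiOS 4.0 MR3 CLI script, so the settings can be reviewed or pasted in one pass rather than clicked through.  The profile names are the ones used above.  Everything else is an assumption for illustration: policy ID 1, the interface names internal and wan1, the FortiGuard web category numbers (26 Malicious Websites, 61 Phishing, 86 Spam URLs, which make up the Security Risk group in this release as far as I recall) and the application category number for Botnet.  Keyword spellings moved between FortiOS releases, so confirm any line that the unit rejects by typing ? at that level of the CLI before relying on it.

```fortios
# Added example, not from the original post. Assumed: policy 1, interfaces internal/wan1,
# category numbers below. Verify each keyword on your unit with ? before using in production.

# 2 Web Filter: proxy-mode profile, log every URL, block the Security Risk categories
config webfilter profile
    edit "Q-Web-Filter"
        set inspection-mode proxy
        set web-url-log enable
        config ftgd-wf
            # Work-around for "Invalid Certificate" on HTTPS. Trade-off: HTTPS CONNECT
            # requests are no longer category-rated by this profile.
            set options connect-request-bypass
            config filters
                edit 1
                    set category 26     # Malicious Websites (assumed ID, check with ?)
                    set action block
                next
                edit 2
                    set category 61     # Phishing (assumed ID)
                    set action block
                next
                edit 3
                    set category 86     # Spam URLs (assumed ID)
                    set action block
                next
            end
        end
    next
end

# 3 Application Control: block everything FortiGuard classifies as Botnet
config application list
    edit "Q-App-Sensor"
        config entries
            edit 1
                set category 19         # Botnet (assumed ID, check with ?)
                set action block
            next
        end
    next
end

# 4 IPS: high/critical client-side signatures for Windows and MacOS,
#        quarantine the attacker IP for 5 minutes on a hit
config ips sensor
    edit "Q-IPS-Sensor"
        config filter
            edit "client-high-critical"
                set severity high critical
                set location client
                set os Windows MacOS
                set quarantine attacker
                set quarantine-expiry 5
                set quarantine-log enable
            next
        end
    next
end

# 5 Apply: the outbound policy must have utm-status on and all four profiles set.
#    Repeat for every outbound policy; one without these lines is uninspected.
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
        set utm-status enable
        set av-profile "default"
        set webfilter-profile "Q-Web-Filter"
        set application-list "Q-App-Sensor"
        set ips-sensor "Q-IPS-Sensor"
        set profile-protocol-options "default"
        set logtraffic enable
    next
end
```

After pasting, run show firewall policy 1 and confirm that utm-status and all four profile lines appear; if a profile name is misspelled the set command fails silently in a pasted script and the policy is left without that inspection.  Keep in mind that FortiOS 4.0 MR3 is long past end of support, so this script is a guide to the settings, not a recommendation to run that release.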

For IT Support and InfoSec services in the Dayton, Ohio area please visit our web site at www.quanexus.com


This entry was posted in Fortinet, IT (Information Technology).
