If you are new to programming a Fortigate, here are some basics to help you get started with implementing the Unified Threat Management (UTM) features. The following was created using 4MR3 Patch9.
Basic
The key UTM features to be implemented are: AntiVirus, Web Filter, Application Control and IPS.
1 AntiVirus
The default AntiVirus settings are sufficient and do not need to be changed.
2 Web Filter
Create a new profile and name it Q-Web-Filter. Click Proxy, check Log all URLs, and check FortiGuard Categories. Under Categories, check Security Risk, then open the action drop-down and select Block. Then click Apply.
This Web Filter configuration can cause “Invalid Certificate” error messages on some workstations and mobile devices, so the following should be added to the configuration via the console (command line):
config webfilter profile
    edit Q-Web-Filter
        config ftgd-wf
            set options connect-request-bypass
        end
    next
end
3 Application Control
Create a new Application Sensor and name it Q-App-Sensor. In the new Q-App-Sensor, select create new, and in the category section, drop down to Botnet. Under action click Block.
4 Intrusion Sensor
Create a new IPS Sensor and name it Q-IPS-Sensor. In the new Q-IPS-Sensor, click new and add the following:
Severity, select high and critical
Target, select client (there is an issue with HTTP URI overload with the Server)
OS, select Windows and MacOS
Keep the defaults except at the bottom select the Quarantine Attackers to Banned Users List:
Method, Attacker IP Address
Expires, 5 Minutes.
5 Apply Filters
These filters should be applied on all general outgoing traffic policy rules.
For IT Support and InfoSec services in the Dayton, Ohio area please visit our web site at www.quanexus.com