FortiGate-400 Installation and Configuration Guide
Firewall configuration
Content profiles
Use content profiles to apply different protection settings for content traffic controlled
by firewall policies. You can use content profiles to:
• Configure antivirus protection for HTTP, FTP, POP3, SMTP, and IMAP policies
• Configure web filtering for HTTP policies
• Configure email filtering for IMAP and POP3 policies
• Configure oversized file and email blocking for HTTP, FTP, POP3, SMTP, and
IMAP policies
• Pass fragmented email for POP3, SMTP, and IMAP policies
Using content profiles, you can build up protection configurations that can be easily
applied to different types of firewall policies. This allows you to customize different
types and different levels of protection for different firewall policies.
For example, while traffic between internal and external addresses might need strict
protection, traffic between trusted internal addresses might need moderate protection.
You can configure policies for different traffic services to use the same or different
content profiles.
Content profiles can be added to NAT/Route mode and Transparent mode policies.
• Default content profiles
• Adding a content profile
• Adding a content profile to a policy
Default content profiles
The FortiGate unit has the following four default content profiles under Firewall >
Content Profile. You can use these existing content profiles or create your own:

Strict      To apply maximum content protection to HTTP, FTP, IMAP, POP3, and
            SMTP content traffic. You would not use the strict content profile under
            normal circumstances, but it is available if you are having extreme problems
            with viruses and require maximum content screening protection.
Scan        Apply antivirus scanning to HTTP, FTP, IMAP, POP3, and SMTP content
            traffic. Quarantine is also selected for all content services. On FortiGate
            models with a hard drive, if antivirus scanning finds a virus in a file, the file is
            quarantined on the FortiGate hard disk. If required, system administrators
            can recover quarantined files.
Web         Apply antivirus scanning and Web content blocking to HTTP content traffic.
            You can add this content profile to firewall policies that control HTTP traffic.
Unfiltered  Use the unfiltered content profile if you do not want to apply any content
            protection to content traffic. You can add this content profile to firewall
            policies for connections between highly trusted or highly secure networks
            where content does not need to be protected.

Adding a content profile
If the default content profiles do not provide the protection that you require, you can
create new content profiles customized to your requirements.
1 Go to Firewall > Content Profile.
2 Select New.