FortiGate Version 3.0 MR4 Administration Guide
274 01-30004-0203-20070102
Configuring a protection profile Firewall Protection Profile
The following options are available for antivirus through the protection profile.
See “AntiVirus” on page 335 for more antivirus configuration options.
Virus Scan Enable or disable virus scanning for each protocol (HTTP, FTP, IMAP,
POP3, SMTP, IM). Grayware, if enabled in AntiVirus > Config >
Grayware, is included with the Virus Scan. Heuristic, if enabled with
the CLI, is also included with the Virus Scan. Note that streaming mode
is enabled automatically when you enable virus scanning.
File Pattern Enable or disable file pattern processing for each protocol. Files can be
blocked or allowed by name, extension, or any other pattern. File
pattern processing provides the flexibility to block files that may contain
harmful content.
File pattern drop-down list: Select which file pattern list will be used
with this protection profile. The default file pattern list is called builtin-
patterns.
Quarantine (log
disk required)
Enable or disable quarantine for each protocol. Quarantine suspect
files to view them or submit files to Fortinet for analysis. The quarantine
option is not displayed in the protection profile if the FortiGate does not
have a hard drive or a configured FortiAnalyzer unit.
Pass fragmented
emails
Enable or disable passing fragmented email for mail protocols (IMAP,
POP3, SMTP). Fragmented email cannot be scanned for viruses.
Comfort Clients Enable or disable client comforting for HTTP and FTP traffic. Client
comforting provides a visual status for files that are being buffered for
downloads using HTTP and FTP. Users can observe web pages being
drawn or file downloads progressing. If disabled, users have no
indication the FortiGate unit is buffering the download and they may
cancel the transfer thinking it has failed.
Interval The time in seconds before client comforting starts
after the download has begun. It is also the time
between subsequent intervals.
Amount The number of bytes sent at each interval.
Oversized
File/Email
Select block or pass for files and email messages exceeding
configured thresholds for each protocol.
Threshold If the file is larger than the threshold value in
megabytes, the file is passed or blocked, as set in the
Oversized File/Email drop down. The maximum
threshold for scanning in memory is 10% of the
FortiGate unit RAM.
Note: For email scanning, the oversize threshold
refers to the final size of the email after encoding by
the email client, including attachments. Email clients
may use a variety of encoding types and some
encoding types translate into larger file sizes than the
original attachment. The most common encoding,
base64, translates 3 bytes of binary data into 4 bytes
of base64 data. So a file may be blocked or logged as
oversized even if the attachment is several megabytes
smaller than the configured oversize threshold.
Add signature to
outgoing emails
Create and enable a signature to append to outgoing email (SMTP
only).
To Next Page
Loading...
Need help?
General