Firewall Protection Profile Configuring a protection profile
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 411
http://docs.fortinet.com/ • Feedback
IPS options
You can use the IPS options in a protection profile to enable IPS for the protection profile
and add an IPS sensor. To add an IPS sensor, go to Firewall > Protection Profile. Select
Create New to add a protection profile, or the Edit icon beside an existing protection
profile. Then select the Expand Arrow beside IPS, select the check box to enable IPS,
select an IPS Sensor, and select OK.
For more information on IPS, see “Intrusion Protection” on page 455.
Figure 255: Protection Profile IPS options
Web Filtering options
Web filtering sorts millions of web pages into a wide range of categories that you can
allow, block or monitor. Content block uses words and patterns to block web pages
containing the words or patterns, URL filtering uses URLs and URL patterns to exempt or
block web pages from specific sources, and FortiGuard web filter provides many
additional categories by which to filter web traffic. In some instances, users may require
access to web sites that are blocked by a policy. An administrator can give the user the
ability to override the block for a specified period of time. For more information about
overrides, see “Web Filter” on page 475.
You can configure web filtering for HTTP and HTTPS traffic. If your FortiGate unit supports
SSL content scanning and inspection and if you have set HTTPS Content Filtering Mode
in the Protocol Recognition part of this protection profile to Deep Scan, you can select the
same web filtering options for HTTPS and HTTP. For more information, see “SSL content
scanning and inspection” on page 399 and “Protocol recognition options” on page 405.
Filters defined in the web filtering settings are turned on through a protection profile. To
configure web filtering options, go to Firewall > Protection Profile. Select Create New to
add a protection profile, or the Edit icon beside an existing protection profile. Then select
the Expand Arrow beside Web Filtering, enter the information as described below, and
select OK.
IPS Select to enable and use the specified IPS sensor.
You cannot select denial of service (DoS) sensors through this option. For information on
configuring DoS sensors, see “DoS sensors” on page 469.
Note: Protection profile web filtering also includes FortiGuard Web Filtering. For
information about FortiGuard Web Filtering, see “FortiGuard Web Filtering options” on
page 413.
Note: If your FortiGate unit does not support SSL content scanning and inspection, or if you
have set HTTPS Content Filtering Mode to URL Filtering, you can only select URL filtering
and blocking invalid URLs for HTTPS.
To Next Page
Loading...