SSL/SSH inspection Individual deep inspection security profiles can be created depending on the requirements of the policy. Depending on the inspection profile selected, you can: Configure which Certificate Authority (CA) certificate will be used to decrypt the Secure Sockets Layer (SSL) encrypted traffic. Configure whether a specific SSL protocol will be inspected, blocked or bypassed. […]
ICAP support ICAP is the acronym for Internet Content Adaptation Protocol. The purpose of the feature is to offload work that would normally take place on the firewall to a separate server specifically set up for the specialized processing of the incoming traffic. This takes some of the resource strain off of the FortiGate firewall […]
FortiClient Compliance Profiles This section describes the FortiClient Compliance Profiles endpoint protection features and configuration. FortiClient Compliance Profiles are used primarily to make sure connected devices are compliant with Endpoint Control and to protect against vulnerabilities. Both Endpoint Vulnerability Scan on Client and System compliance are enabled by default, while other settings are disabled by […]
Introduction This document provides the following information for FortiOS 5.6.6 build 1630: l Special Notices l Upgrade Information l Product Integration and Support l Resolved Issues l Known Issues l Limitations For FortiOS documentation, see the Fortinet Document Library. Supported models FortiOS 5.6.6 supports the following models. FortiGate FG-30D, FG-30E, FG-30E_3G4G_INTL, FG-30E_3G4G_NAM, FG-30D-POE, FG-50E, FG-51E, […]
If you are new to Fortinet or firewalling in general you may ask yourself the question, “what the hell is a virtual IP (VIP)?” Well, this video does a short dive into what it is, why we need it, and the benefits of it!
Proxy options Certain inspections defined in security profiles require that the traffic be held in proxy while the inspection is carried out. When a security profile requiring the use of a proxy is enabled in a policy, the Proxy Options field is displayed. The Proxy Options define the parameters of how the traffic will be […]
Data leak prevention The FortiGate data leak prevention (DLP) system allows you to prevent sensitive data from leaving your network. When you define sensitive data patterns, data matching these patterns will be blocked, or logged and allowed, when passing through the FortiGate unit. You configure the DLP system by creating individual filters based on file […]
Intrusion prevention The FortiOS Intrusion Prevention System (IPS) combines signature detection and prevention with low latency and excellent reliability. With intrusion protection, you can create multiple IPS sensors, each containing a complete configuration based on signatures. Then, you can apply any IPS sensor to any security policy. This section describes how to configure the FortiOS […]