FortiCache 4.0.1 Administration Guide

FortiGuard settings

The FortiGuard Distribution Network page provides information and configuration settings for FortiGuard subscription services. For more information about FortiGuard services, see the FortiGuard Center web page.

To view and configure FortiGuard connections, go to System > Config > FortiGuard.

Configure the following settings:

Support Contract The availability or status of your unit’s support contract. The status displays can be Unreachable, Not Registered, or Valid Contract.

You can update your registration status by selecting Update in the

Registration Status row and loading the license file from a location on your management computer.

FortiGuard Subscription Services The availability or status of your FortiGuard subscription services. The status displays can be Unreachable, Not Registered, or Valid Contract. You can update the antivirus definitions by selecting Update in the AV Definitions row.
AV & IPS Download

Options

Select the expand arrow to expand or hide the section.
Allow Push Update Select to allow updates to be pushed. If a specific override push IP address is required, select Use override push IP and enter an IP address and port number in the requisite field.
Schedule Update Select to have scheduled updates, then select when said updates occur: Every 1-23 hours, Daily at a specific hour, or Weekly on a specific day at a specific hour.

Select Update Now to send an update request.

Web Filtering Options Select the expand arrow to expand or hide the section.

 

Enable webfilter cache Enable webfilter cache.

Enter the Time To Live (TTL) value. This is the number of seconds the FortiCache unit will store blocked IP addresses or URLs locally, saving time and network access traffic by not checking the FortiGuard server. Once the TTL has expired, the FortiCache unit will contact the FDN server to verify a web address. The TTL must be between 300 and 86400 seconds (3600 by default).

Enable antispam cache Enable antispam cache, then enter the TTL value.
Port Selection Select the port assignments for contacting the FortiGuard servers, either the default port (53) or the alternate port (8888).

Select Test Availability to verify the connection using the selected port.

To have a URL’s category rating re-evaluated… Select to re-evaluate a URL’s category rating using the Fortinet Live URL Rating system (opens in a new browser window).

Disk management

The Disk page shows information about the storage space for different features for each hard disk, and allows you to edit quota and storage settings.

Go to System > Config > Disk to view the disk information.

Feature The feature that will be storing information on the disk.
Storage Size The size of the storage space on the disk.
Allocated The amount of space that is allowed for storage for a feature.
Used The current amount of space that has been used to store information of a feature.
Quota Usage The percentage of the quota that is currently being used. If there is no quota being used, the number is 100 percent.
Edit Select to modify the current amount of space that is being used. See Disk configuration on page 45.

Disk configuration

When possible, performance can be improved by logging to a disk that is not used for caching. A disk can be reserved for logging by setting the quota storage setting to 0 MB.

For optimal performance, avoid allowing the disks used for caching from reaching 100% capacity. This can be achieved by limiting the cache file size to 70% of the total disk capacity.

Select Edit in the Logging and Archiving row to edit the quota settings for logging and archiving. 45

Select Edit in the WAN Optimization & Web Cache row to change the WAN optimization storage settings. Enter a value, in MB, to be used for WAN optimization storage, then select Apply to apply your changes.

Features

Various FortiCache features can be enabled or disabled as required. Disable features are not shown in the GUI.

Select Storage Select a storage device from the drop-down list; either Default, or one of the available hard disks.
Disk Logging Enter the quota, in MB, for disk logging.
DLP Archive Enter the quota, in MB, for the DLP archive.
Historic Reports Enter the quota, in MB, for historic reports.

Go to System > Config > Features to configure the visibility of the features.

The following options can be turned on or off by clicking anywhere within their rectangles:

WAN Opt. & Cache Controls the visibility of the WAN Opt. and Cache menu.

WAN optimization and web caching is used to reduce the amount of bandwidth used by traffic on your WAN. See .

AntiVirus Controls the visiblity of the Security Profiles > AntiVirus menu.

Remove viruses, analyze suspicious files with FortiGuard Sandbox, apply botnet protection to network traffic, and setup antivirus profiles and add them to firewall policies. See .

DLP Controls the visibility of the Security Profiles > Data Leak Prevention menu.

Prevent sensitive date, like credit card numbers, from leaving or entering your network, and to setup Data Leak Prevention (DLP) sensors and add them to firewall policies.

Exlicit Proxy Controls the visibility of the Firewall Objects > Web Proxy menu, and the Enable Explicit Web Proxy option on the Edit Interface page.

Enable HTTP, HTTPS, or FTP proxies for your network, that can be added to interfaces. Create security polocies to control access to the proxy and apply UTM and other features to proxy traffic. Users on the network must configure their to use the proxy.

Web Filter Controls the visibility of the Security Profiles > Web Filter menu.

Apply web category, URL, and content filtering to control users’ access to web resources. Setup profiles and add them to firewall policies.

Certificates Controls the visibility of the System > Certificates menu.Change the certificates used for SSL inspection, SSL load balancing, SSL-VPN, IPsec VPN, and authentication. If not enabled, default FortiCache certificates will be used. See .
ICAP Controls the visibility of the Security Profiles > ICAP (Internet Content

Adaptation Protocol) menu.

Offload services to an external server. These services can include: Ad insertion, virus scanning, content and language translation, HTTP header or URL manipulation, and content filtering. Setup profiles and add them to security policies.

Implicit Firewall Policies Controls the visibility of implicit firewall policies that deny all traffic. You can edit an implicit policy and enable logging to record log messages when the implicit policy denies a session.

Messaging servers

To configure a messaging server, use the following CLI commands:

config system email-server set type    –Configure a custom email server. set reply-to –Enter the default reply to email address. set server <IP or hostname>    –Enter the name or address of the SMTP email server. set port –Set the SMTP server port. set source-ip –Set the SMTP server source IP. set source-ip6 –Set the SMTP server source IP. set authenticate                –Enable/disable authentication. set security                    –Set connection security. next

end


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.