Security Profiles

Botnet protection added (254959)

The latest Botnet database is available from FortiGuard. You can see the version of the database and display its contents from the System > FortiGuard GUI page. You can also block, monitor or allow outgoing connections to Botnet sites for each FortiGate interface.

 

FortiSandbox URL database added

You can see the version of the database and display its contents from the System > FortiSandbox GUI page.

 

New Web Filter profile whitelist setting and changes to blacklist setting (283855, 285216)

 

Domain reputation can now be determined by “common sense”, for sites such as Google, Apple, and even sites that may contain sensitive material that would otherwise be trusted (i.e. there is no risk of receiving botnets or malicious attacks). You can tag URL groups with flags that exempt them from further sandboxing or AV analyzing.

 

You can identify reputable sites and enable certain bypasses under Security Profiles > Web Filter. Similarly, you can exempt the identified reputable sites from SSL inspection.

CLI Syntax

 

config firewall ssl-ssh-profile edit <profile-name>

set whitelist [enable | disable]

end

 

config webfilter profile edit <profile-name>

config web

set whitelist exempt-av exempt-webcontent exempt-activex-java-cookie exempt-dlp exempt-rangeblock extended-log-others

end

end


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

One thought on “Security Profiles

  1. Jaro Stolicny

    Has anyone made this off-box websense intergration to work? I have got everything configured per Fortinet how-to, but I still not see firewall relaying http/https request to the websense server located on customer local network.

    Thanks.

    Jaro

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.