FortiOS 6 – AntiVirus

Enabling AntiVirus in Flow-mode – GUI

  1. Go to Security Profiles > AntiVirus.
  2. Choose whether you want to edit an existing profile or create a new one.
    • The default profile will be the one displayed by default.
    • If you are going to edit an existing profile, select it either from the drop-down menu in the upper right-hand corner of the window or by selecting the List icon (the furthest right of the 3 icons in the upper right of the window; it resembles a page with some lines on it) and then selecting the profile you want to edit from the list.
    • If you need to create a new profile you can either select the Create New icon (a plus sign within a circle) or select the List icon and then select the Create New link in the upper left of the window that appears.
  3. If you are creating a new profile, write a name for it in the Name
  4. Select Quick or Full Scan Mode (see the discussion of the differences in antivirus scanning modes for more information).
  5. For the Detect Viruses field, select either Block to prevent infected files from passing through the FortiGate or Monitor to allow infected files to pass through the FortiGate but to record instances of infection.
  6. Under Inspected Protocols, enable the protocols you wish to be blocked or monitored.
  7. Under Inspection Options, you may enable the following: Treat Windows Executables in Email Attachments as Viruses and Include Mobile Malware Protection.

You may also enable the following options if you have a FortiCloud account active on your FortiGate: Send Files to FortiSandbox Cloud for Inspection and Use FortiSandbox Database.

  8. Select OK or Apply.
  9. Add the AntiVirus profile to a firewall security policy.

Enabling AntiVirus – CLI

Configure the scan option for each type of traffic you want scanned.

  1. Configure the AntiVirus profile.

config antivirus profile
    edit <profile_name>
        set comment "scan and delete virus"
        set replacemsg-group ''
        set scan-botnet-connections block
        set ftgd-analytics suspicious
        config http
            set options scan
        end
        config ftp
            set options scan
        end
        config imap
            set options scan
        end
        config pop3
            set options scan
        end
        config smtp
            set options scan
        end
        config nntp
            set options scan
        end
        config smb
            set options scan
        end
end

  2. Add the AntiVirus profile to the FortiGate firewall security policy. When using the CLI, you will need to know the policy ID number.

config firewall policy
    edit <policy ID number>
        set av-profile <profile_name>
        set profile-protocol-options default
    next
end

Testing your antivirus configuration
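An offline check of a saved configuration against the CLI steps above, as an added example that is not part of the original page or of Fortinet's tooling: it parses FortiOS CLI text and reports which of the seven protocol blocks lack `set options scan` and which firewall policies have no defined `av-profile`. The sample configuration, the profile name `av-flow` and the function names are constructed for illustration, and a single-VDOM configuration is assumed.

```python
import shlex

PROTOCOLS = ("http", "ftp", "imap", "pop3", "smtp", "nntp", "smb")  # blocks the page sets to "scan"

def parse(text):
    """Parse FortiOS CLI text into {table: {entry: {"sub/key": [values]}}}."""
    tables, stack = {}, []  # stack of ("config" | "edit", name)
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:])))
        elif tok[0] in ("next", "end") and stack:
            if stack.pop()[0] == "edit" and tok[0] == "end" and stack:
                stack.pop()  # an "end" typed inside an edit also closes its table
        elif tok[0] == "set" and len(tok) > 1 and len(stack) >= 2 and stack[1][0] == "edit":
            key = "/".join([name for _, name in stack[2:]] + [tok[1]])
            tables.setdefault(stack[0][1], {}).setdefault(stack[1][1], {})[key] = tok[2:]
    return tables

def audit(text):
    """List protocols a profile does not scan and policies with no usable av-profile."""
    cfg = parse(text)
    profiles, findings = cfg.get("antivirus profile", {}), []
    for name, sets in profiles.items():
        findings += [f"profile {name}: {p} not scanned" for p in PROTOCOLS
                     if "scan" not in sets.get(f"{p}/options", [])]
    for pid, sets in cfg.get("firewall policy", {}).items():
        av = (sets.get("av-profile") or [None])[0]
        if av not in profiles:
            findings.append(f"policy {pid}: " + ("no av-profile set" if av is None else f"av-profile {av} not defined"))
    return findings

# Constructed sample in the style of the CLI above, with deliberate gaps.
SAMPLE = """config antivirus profile
edit "av-flow"
config http
set options scan
end
end
config firewall policy
edit 1
set av-profile "av-flow"
next
edit 2
set profile-protocol-options default
end"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample, it reports the six protocol blocks missing from `av-flow` and policy 2, which has no profile attached.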

Overriding the AV engine file scan timeout

Overriding the AV engine file scan timeout allows the FortiGate to scan files as large as 4GB without breaking the scan.

Override the large file scan timeout value in seconds (30 – 3600). Zero is the default value and is used to disable this command. When disabled, the daemon adjusts the large file scan timeout based on the file size.

Syntax

config antivirus settings
    set override-timeout 0
end

