FortiOS 6.2 Antivirus Best Practices

Antivirus

  • Enable antivirus scanning at the network edge for all services. l Use FortiClient endpoint antivirus scanning for protection against threats that get into your network.
  • Subscribe to FortiGuard AntiVirus Updates and configure your FortiGate unit to receive push updates. This will ensure you receive antivirus signature updates as soon as they are available.
  • To ensure that all AV push updates occur, ensure you have an AV profile enabled in a security policy.
  • Enable only the protocols you need to scan. If you have antivirus scans occurring on the SMTP server, or use FortiMail, it is redundant to have scanning occur on the FortiGate unit as well.
  • Reduce the maximum file size to be scanned. Viruses usually travel in small files of around 1 to 2 megabytes.
  • Do not quarantine files unless you regularly monitor and review them. This is otherwise a waste of space and impacts performance.
  • Examine antivirus reports and log messages periodically. Take particular notice of repeated detections. For example, repeated virus detection in SMTP traffic could indicate a system on your network is infected and is attempting to contact other systems to spread the infection using a mass mailer.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU