Proxy policy security profiles

Web proxy policies support most security profile types.

Explicit web proxy policy

The security profiles supported by explicit web proxy policies are:

  • AntiVirus
  • Web Filter
  • Application Control
  • IPS
  • DLP Sensor
  • ICAP
  • Web Application Firewall
  • SSL Inspection

To configure security profiles on an explicit web proxy policy in the GUI:

  1. Go to Policy & Objects > Proxy Policy.
  2. Click Create New.
  3. Set the following:
       Proxy Type            Explicit Web
       Outgoing Interface    port1
       Source                all
       Destination           all
       Schedule              always
       Service               webproxy
       Action                ACCEPT
  4. In the Firewall / Network Options section, set Protocol Options to default.
  5. In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
       AntiVirus                   av
       Web Filter                  urlfilter
       Application Control         app
       IPS                         Sensor-1
       DLP Sensor                  dlp
       ICAP                        default
       Web Application Firewall    default
       SSL Inspection              deep-inspection
  6. Click OK to create the policy.

To configure security profiles on an explicit web proxy policy in the CLI:

    config firewall proxy-policy
        edit 1
            set uuid c8a71a2c-54be-51e9-fa7a-858f83139c70
            set proxy explicit-web
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set service "web"
            set action accept
            set schedule "always"
            set utm-status enable
            set av-profile "av"
            set webfilter-profile "urlfilter"
            set dlp-sensor "dlp"
            set ips-sensor "sensor-1"
            set application-list "app"
            set icap-profile "default"
            set waf-profile "default"
            set ssl-ssh-profile "deep-inspection"
        next
    end

Transparent proxy

The security profiles supported by transparent proxy policies are:

  • AntiVirus
  • Web Filter
  • Application Control
  • IPS
  • DLP Sensor
  • ICAP
  • Web Application Firewall
  • SSL Inspection

To configure security profiles on a transparent proxy policy in the GUI:

  1. Go to Policy & Objects > Proxy Policy.
  2. Click Create New.
  3. Set the following:
       Proxy Type            Explicit Web
       Incoming Interface    port2
       Outgoing Interface    port1
       Source                all
       Destination           all
       Schedule              always
       Service               webproxy
       Action                ACCEPT
  4. In the Firewall / Network Options section, set Protocol Options to default.
  5. In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
       AntiVirus                   av
       Web Filter                  urlfilter
       Application Control         app
       IPS                         Sensor-1
       DLP Sensor                  dlp
       ICAP                        default
       Web Application Firewall    default
       SSL Inspection              deep-inspection
  6. Click OK to create the policy.

To configure security profiles on a transparent proxy policy in the CLI:

    config firewall proxy-policy
        edit 2
            set uuid 8fb05036-56fc-51e9-76a1-86f757d3d8dc
            set proxy transparent-web
            set srcintf "port2"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set service "webproxy"
            set action accept
            set schedule "always"
            set utm-status enable
            set av-profile "av"
            set webfilter-profile "urlfilter"
            set dlp-sensor "dlp"
            set ips-sensor "sensor-1"
            set application-list "app"
            set icap-profile "default"
            set waf-profile "default"
            set ssl-ssh-profile "certificate-inspection"
        next
    end

FTP proxy

The security profiles supported by FTP proxy policies are:

  • AntiVirus
  • Application Control
  • IPS
  • DLP Sensor

To configure security profiles on an FTP proxy policy in the GUI:

  1. Go to Policy & Objects > Proxy Policy.
  2. Click Create New.
  3. Set the following:
       Proxy Type            FTP
       Outgoing Interface    port1
       Source                all
       Destination           all
       Schedule              always
       Action                ACCEPT
  4. In the Firewall / Network Options section, set Protocol Options to default.
  5. In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):
       AntiVirus              av
       Application Control    app
       IPS                    Sensor-1
       DLP Sensor             dlp
  6. Click OK to create the policy.

To configure security profiles on an FTP proxy policy in the CLI:

    config firewall proxy-policy
        edit 3
            set uuid cb89af34-54be-51e9-4496-c69ccfc4d5d4
            set proxy ftp
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set utm-status enable
            set av-profile "av"
            set dlp-sensor "dlp"
            set ips-sensor "sensor-1"
            set application-list "app"
        next
    end
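
The following Python script is an added example, not code from the original page or from Fortinet. It parses `config firewall proxy-policy` text and flags accept policies that lack a profile listed above for their proxy type, or that set a profile not listed for that type. Treating every listed profile and `utm-status enable` as required is an assumption made for this audit, and the policy in SAMPLE is constructed.

```python
import re

# Profile settings per proxy type, taken from the supported lists on this page.
WEB = {"av-profile", "webfilter-profile", "application-list", "ips-sensor",
       "dlp-sensor", "icap-profile", "waf-profile", "ssl-ssh-profile"}
SUPPORTED = {"explicit-web": WEB, "transparent-web": WEB,
             "ftp": {"av-profile", "application-list", "ips-sensor", "dlp-sensor"}}

def parse_policies(text):
    """Parse 'config firewall proxy-policy' text into {policy_id: {setting: value}}."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        edit = re.fullmatch(r"edit\s+(\d+)", line)
        setting = re.fullmatch(r"set\s+(\S+)\s+(.+)", line)
        if edit:
            current = policies.setdefault(int(edit.group(1)), {})
        elif line == "next":
            current = None
        elif setting and current is not None:
            # Strip straight or curly quotes around the value.
            current[setting.group(1)] = setting.group(2).strip('"“”')
    return policies

def audit(policies):
    """Return sorted (policy_id, finding) pairs for accept policies of a known proxy type."""
    findings = []
    for pid, cfg in policies.items():
        supported = SUPPORTED.get(cfg.get("proxy"))
        if supported is None or cfg.get("action") != "accept":
            continue
        if cfg.get("utm-status") != "enable":
            findings.append((pid, "utm-status not enabled"))
        findings += [(pid, f"missing {k}") for k in supported - set(cfg)]
        findings += [(pid, f"{k} not supported on {cfg['proxy']}")
                     for k in (WEB & set(cfg)) - supported]
    return sorted(findings)

# Constructed draft config (not from the page): policy 7 is incomplete on purpose.
SAMPLE = """config firewall proxy-policy
    edit 7
        set proxy ftp
        set action accept
        set av-profile "av"
        set webfilter-profile "urlfilter"
    next
end"""

if __name__ == "__main__":
    print(*audit(parse_policies(SAMPLE)), sep="\n")
```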