SSL/SSH inspection Individual deep inspection security profiles can be created depending on the requirements of the policy. Depending on the inspection profile selected, you can: Configure which Certificate Authority (CA) certificate will be used to decrypt the Secure Sockets Layer (SSL) encrypted traffic. Configure whether a specific SSL protocol will be inspected, blocked or bypassed. […]
FortiOS 6
FortiOS 6 – ICAP Support
ICAP support ICAP is the acronym for Internet Content Adaptation Protocol. The purpose of the feature is to offload work that would normally take place on the firewall to a separate server specifically set up for the specialized processing of the incoming traffic. This takes some of the resource strain off of the FortiGate firewall […]
FortiOS 6 – FortiClient Compliance Profiles
FortiClient Compliance Profiles This section describes the FortiClient Compliance Profiles endpoint protection features and configuration. FortiClient Compliance Profiles are used primarily to make sure connected devices are compliant with Endpoint Control and to protect against vulnerabilities. Both Endpoint Vulnerability Scan on Client and System compliance are enabled by default, while other settings are disabled by […]
FortiOS 6 – Proxy options
Proxy options Certain inspections defined in security profiles require that the traffic be held in proxy while the inspection is carried out. When a security profile requiring the use of a proxy is enabled in a policy, the Proxy Options field is displayed. The Proxy Options define the parameters of how the traffic will be […]
FortiOS 6 – Data leak prevention
Data leak prevention The FortiGate data leak prevention (DLP) system allows you to prevent sensitive data from leaving your network. When you define sensitive data patterns, data matching these patterns will be blocked, or logged and allowed, when passing through the FortiGate unit. You configure the DLP system by creating individual filters based on file […]
FortiOS 6 – Intrusion prevention
Intrusion prevention The FortiOS Intrusion Prevention System (IPS) combines signature detection and prevention with low latency and excellent reliability. With intrusion protection, you can create multiple IPS sensors, each containing a complete configuration based on signatures. Then, you can apply any IPS sensor to any security policy. This section describes how to configure the FortiOS […]
FortiOS 6 – Anti-spam filter
Anti-spam filter This section describes how to configure FortiGate email filtering for IMAP, POP3, and SMTP email. Email filtering includes both spam filtering and filtering for any words or files you want to disallow in email messages. If your FortiGate unit supports SSL content scanning and inspection, you can also configure spam filtering for IMAPS, […]
FortiOS 6 – Application Control
Application control Using the Application Control Security Profiles feature, your FortiGate unit can detect and take action against network traffic depending on the application generating the traffic. Based on FortiGate Intrusion Protection protocol decoders, application control is a user-friendly and powerful way to use Intrusion Protection features to log and manage the behavior of application […]