Glossary. Fortinet FortiGate-800, FortiGate FortiGate-800
Add to My manuals336 Pages
Fortinet FortiGate-800 is a high-performance security appliance that provides comprehensive protection for networks of all sizes. With its powerful hardware platform and advanced software features, the FortiGate-800 delivers exceptional performance, scalability, and reliability. Some of the key benefits of using the FortiGate-800 include:
- Protection against a wide range of threats, including viruses, malware, spyware, and phishing attacks
- Web content filtering to block access to inappropriate or malicious websites
- Email filtering to protect against spam and phishing attacks
- Firewall to control traffic and prevent unauthorized access to the network
- VPN support for secure remote access to the network
- High availability for maximum uptime and reliability
- Secure installation, configuration, and management
- Web-based manager and command line interface for easy configuration and management
advertisement
FortiGate-800 Installation and Configuration Guide Version 2.50
Glossary
Connection: A link between machines, applications, processes, and so on that can be logical, physical, or both.
DMZ, Demilitarized Zone: Used to host Internet services without allowing unauthorized access to an internal (private) network. Typically, the DMZ contains servers accessible to Internet traffic, such as Web
(HTTP) servers, FTP servers, SMTP (email) servers and DNS servers.
DMZ interface: The FortiGate interface that is connected to a DMZ network.
DNS, Domain Name Service: A service that converts symbolic node names to IP addresses.
Ethernet: A local-area network (LAN) architecture that uses a bus or star topology and supports data transfer rates of 10 Mbps. Ethernet is one of the most widely implemented LAN standards. A newer version of
Ethernet, called 100 Base-T (or Fast Ethernet), supports data transfer rates of 100 Mbps. And the newest version, Gigabit Ethernet, supports data rates of 1 gigabit (1,000 megabits) per second.
External interface: The FortiGate interface that is connected to the Internet. For the FortiGate-60 the external interface is WAN1 or WAN2.
FTP, File transfer Protocol: An application and TCP/
IP protocol used to upload or download files.
Gateway: A combination of hardware and software that links different networks. Gateways between TCP/IP networks, for example, can link different subnetworks.
HTTP, Hyper Text Transfer Protocol: The protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.
HTTPS: The SSL protocol for transmitting private documents over the Internet using a Web browser.
Internal interface: The FortiGate interface that is connected to an internal (private) network.
Internet: A collection of networks connected together that span the entire globe using the NFSNET as their backbone. As a generic term, it refers to any collection of interdependent networks.
ICMP, Internet Control Message Protocol: Part of the
Internet Protocol (IP) that allows for the generation of error messages, test packets, and information messages relating to IP. This is the protocol used by the ping function when sending ICMP Echo Requests to a network host.
IKE, Internet Key Exchange: A method of automatically exchanging authentication and encryption keys between two secure servers.
IMAP, Internet Message Access Protocol: An
Internet email protocol that allows access to your email from any IMAP compatible browser. With IMAP, your mail resides on the server.
IP, Internet Protocol: The component of TCP/IP that handles routing.
IP Address: An identifier for a computer or device on a
TCP/IP network. An IP address is a 32-bit numeric address written as four numbers separated by periods.
Each number can be zero to 255.
L2TP, Layer Two (2) Tunneling Protocol: An extension to the PPTP protocol that enables ISPs to operate Virtual Private Networks (VPNs). L2TP merges
PPTP from Microsoft and L2F from Cisco Systems. To create an L2TP VPN, your ISP’s routers must support
L2TP.
IPSec, Internet Protocol Security: A set of protocols that support secure exchange of packets at the IP layer. IPSec is most often used to support VPNs.
FortiGate-800 Installation and Configuration Guide
323
Glossary
LAN, Local Area Network: A computer network that spans a relatively small area. Most LANs connect workstations and personal computers. Each computer on a LAN is able to access data and devices anywhere on the LAN. This means that many users can share data as well as physical resources such as printers.
MAC address, Media Access Control address: A hardware address that uniquely identifies each node of a network.
MIB, Management Information Base: A database of objects that can be monitored by an SNMP network manager.
Modem: A device that converts digital signals into analog signals and back again for transmission over telephone lines.
MTU, Maximum Transmission Unit: The largest physical packet size, measured in bytes, that a network can transmit. Any packets larger than the MTU are divided into smaller packets before being sent. Ideally, you want the MTU your network produces to be the same as the smallest MTU of all the networks between your machine and a message's final destination. If your messages are larger than one of the intervening MTUs, they get broken up (fragmented), which slows down transmission speeds.
Netmask: Also called subnet mask. A set of rules for omitting parts of a complete IP address to reach a target destination without using a broadcast message.
It can indicate a subnetwork portion of a larger network in TCP/IP. Sometimes referred to as an Address Mask.
NTP, Network Time Protocol: Used to synchronize the time of a computer to an NTP server. NTP provides accuracies to within tens of milliseconds across the
Internet relative to Coordinated Universal Time (UTC).
Packet: A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.
Ping, Packet Internet Grouper: A utility used to determine whether a specific IP address is accessible.
It works by sending a packet to the specified address and waiting for a reply.
POP3, Post Office Protocol: A protocol used to transfer e-mail from a mail server to a mail client across the Internet. Most e-mail clients use POP.
PPP, Point-to-Point Protocol: A TCP/IP protocol that provides host-to-network and router-to-router connections.
PPTP, Point-to-Point Tunneling Protocol: A
Windows-based technology for creating VPNs. PPTP is supported by Windows 98, 2000, and XP. To create a
PPTP VPN, your ISP's routers must support PPTP.
Port: In TCP/IP and UDP networks, a port is an endpoint to a logical connection. The port number identifies what type of port it is. For example, port 80 is used for HTTP traffic.
Protocol: An agreed-upon format for transmitting data between two devices. The protocol determines the type of error checking to be used, the data compression method (if any), how the sending device indicates that it has finished sending a message, and how the receiving device indicates that it has received a message.
RADIUS, Remote Authentication Dial-In User
Service: An authentication and accounting system used by many Internet Service Providers (ISPs). When users dial into an ISP they enter a user name and password. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system.
Router: A device that connects LANs into an internal network and routes traffic between them.
Routing: The process of determining a path to use to send data to its destination.
Routing table: A list of valid paths through which data can be transmitted.
Server: An application that answers requests from other devices (clients). Used as a generic term for any device that provides services to the rest of the network such as printing, high capacity storage, and network access.
SMTP, Simple Mail Transfer Protocol: In TCP/IP networks, this is an application for providing mail delivery services.
SNMP, Simple Network Management Protocol: A set of protocols for managing networks. SNMP works by sending messages to different parts of a network.
SNMP-compliant devices, called agents, store data about themselves in Management Information Bases
(MIBs) and return this data to the SNMP requesters.
324
Fortinet Inc.
Glossary
SSH, Secure shell: A secure Telnet replacement that you can use to log into another computer over a network and run commands. SSH provides strong secure authentication and secure communications over insecure channels.
Subnet: A portion of a network that shares a common address component. On TCP/IP networks, subnets are defined as all devices whose IP addresses have the same prefix. For example, all devices with IP addresses that start with 100.100.100. would be part of the same subnet. Dividing a network into subnets is useful for both security and performance reasons.
IP networks are divided using a subnet mask.
Subnet Address: The part of the IP address that identifies the subnetwork.
TCP, Transmission Control Protocol: One of the main protocols in TCP/IP networks. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
UDP, User Datagram Protocol: A connectionless protocol that, like TCP, runs on top of IP networks.
Unlike TCP, UDP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It is used primarily for broadcasting messages over a network.
VPN, Virtual Private Network: A network that links private networks over the Internet. VPNs use encryption and other security mechanisms to ensure that only authorized users can access the network and that data cannot be intercepted.
Virus: A computer program that attaches itself to other programs, spreading itself through computers or networks by this mechanism usually with harmful intent.
Worm: A program or algorithm that replicates itself over a computer network, usually through email, and performs malicious actions, such as using up the computer's resources and possibly shutting the system down.
FortiGate-800 Installation and Configuration Guide
325
Glossary
326
Fortinet Inc.
advertisement
Key Features
- High-performance hardware platform
- Advanced software features
- Comprehensive protection against a wide range of threats
- Web content filtering
- Email filtering
- Firewall
- VPN support
- High availability
- Secure installation, configuration, and management
- Web-based manager and command line interface
Related manuals
Frequently Answers and Questions
What are the benefits of using the FortiGate-800?
What are the key features of the FortiGate-800?
How do I configure the FortiGate-800?
advertisement
Table of contents
- 3 Table of Contents
- 15 Introduction
- 16 Antivirus protection
- 16 Web content filtering
- 17 Email filtering
- 17 Firewall
- 18 NAT/Route mode
- 18 Transparent mode
- 18 VLANs and virtual domains
- 18 Network intrusion detection
- 19 VPN
- 19 High availability
- 20 Secure installation, configuration, and management
- 20 Web-based manager
- 21 Command line interface
- 21 Logging and reporting
- 22 Document conventions
- 22 Fortinet documentation
- 23 Comments on Fortinet technical documentation
- 23 Customer service and technical support
- 25 Getting started
- 26 Package contents
- 26 Mounting
- 26 Dimensions
- 26 Weight
- 27 Power requirements
- 27 Environmental specifications
- 27 Powering on
- 28 Connecting to the web-based manager
- 29 Connecting to the command line interface (CLI)
- 30 Factory default FortiGate configuration settings
- 30 Factory default NAT/Route mode network configuration
- 31 Factory default Transparent mode network configuration
- 32 Factory default firewall configuration
- 33 Factory default content profiles
- 33 Strict content profile
- 34 Scan content profile
- 35 Web content profile
- 35 Unfiltered content profile
- 36 Planning the FortiGate configuration
- 36 NAT/Route mode
- 37 NAT/Route mode with multiple external network connections
- 37 Transparent mode
- 38 Configuration options
- 38 Setup wizard
- 38 CLI
- 39 Front keypad and LCD
- 39 FortiGate model maximum values matrix
- 40 Next steps
- 41 NAT/Route mode installation
- 41 Preparing to configure NAT/Route mode
- 42 Advanced NAT/Route mode settings
- 43 DMZ and user-defined interfaces
- 43 Using the setup wizard
- 43 Starting the setup wizard
- 43 Reconnecting to the web-based manager
- 44 Using the front control buttons and LCD
- 44 Using the command line interface
- 44 Configuring the FortiGate unit to operate in NAT/Route mode
- 44 Configuring NAT/Route mode IP addresses
- 46 Connecting the FortiGate unit to your networks
- 48 Configuring your networks
- 49 Completing the configuration
- 49 Configuring the DMZ interface
- 49 Configuring interfaces 1 to 4
- 49 Setting the date and time
- 49 Changing antivirus protection
- 50 Registering your FortiGate unit
- 50 Configuring virus and attack definition updates
- 50 Configuration example: Multiple connections to the Internet
- 51 Configuring ping servers
- 52 Using the CLI
- 52 Destination-based routing examples
- 52 Primary and backup links to the Internet
- 52 Using the CLI
- 53 Load sharing
- 53 Load sharing and primary and secondary connections
- 55 Policy routing examples
- 55 Routing traffic from internal subnets to different external networks
- 55 Routing a service to an external network
- 56 Firewall policy example
- 56 Adding a redundant default policy
- 56 Adding more firewall policies
- 57 Restricting access to a single Internet connection
- 59 Transparent mode installation
- 59 Preparing to configure Transparent mode
- 60 Using the setup wizard
- 60 Changing to Transparent mode using the web-based manager
- 60 Starting the setup wizard
- 60 Reconnecting to the web-based manager
- 61 Using the front control buttons and LCD
- 61 Using the command line interface
- 61 Changing to Transparent mode using the CLI
- 62 Configuring the Transparent mode management IP address
- 62 Configure the Transparent mode default gateway
- 62 Completing the configuration
- 62 Setting the date and time
- 62 Enabling antivirus protection
- 63 Registering your FortiGate unit
- 63 Configuring virus and attack definition updates
- 63 Connecting the FortiGate unit to your networks
- 64 Transparent mode configuration examples
- 65 Default routes and static routes
- 65 Example default route to an external network
- 66 General configuration steps
- 67 Web-based manager example configuration steps
- 67 CLI configuration steps
- 67 Example static route to an external destination
- 68 General configuration steps
- 68 Web-based manager example configuration steps
- 69 CLI configuration steps
- 69 Example static route to an internal destination
- 70 General configuration steps
- 71 Web-based manager example configuration steps
- 71 CLI configuration steps
- 73 High availability
- 74 Configuring an HA cluster
- 74 Configuring FortiGate units for HA operation
- 76 Connecting the cluster
- 78 Adding a new FortiGate unit to a functioning cluster
- 78 Managing an HA cluster
- 79 Configuring cluster interface monitoring
- 80 Viewing the status of cluster members
- 80 Monitoring cluster members
- 82 Viewing cluster sessions
- 82 Viewing and managing cluster log messages
- 83 Monitoring cluster units for failover
- 83 Viewing cluster communication sessions
- 83 Managing individual cluster units
- 84 Changing cluster unit host names
- 85 Synchronizing the cluster configuration
- 86 Upgrading firmware
- 87 Replacing a FortiGate unit after failover
- 87 Advanced HA options
- 87 Selecting a FortiGate unit as a permanent primary unit
- 88 Configuring the priority of each FortiGate unit in the cluster
- 88 Configuring weighted-round-robin weights
- 89 Active-Active cluster packet flow
- 90 NAT/Route mode packet flow
- 90 Configuring switches to work with a NAT/Route mode cluster
- 91 Transparent mode packet flow
- 93 System status
- 94 Changing the FortiGate host name
- 94 Changing the FortiGate firmware
- 95 Upgrading to a new firmware version
- 95 Upgrading the firmware using the web-based manager
- 95 Upgrading the firmware using the CLI
- 96 Reverting to a previous firmware version
- 96 Reverting to a previous firmware version using the web-based manager
- 97 Reverting to a previous firmware version using the CLI
- 99 Installing firmware images from a system reboot using the CLI
- 101 Restoring the previous configuration
- 101 Testing a new firmware image before installing it
- 103 Installing and using a backup firmware image
- 103 Installing a backup firmware image
- 105 Switching to the backup firmware image
- 106 Switching back to the default firmware image
- 106 Manual virus definition updates
- 107 Manual attack definition updates
- 107 Displaying the FortiGate serial number
- 108 Displaying the FortiGate up time
- 108 Displaying log hard disk status
- 108 Backing up system settings
- 108 Restoring system settings
- 109 Restoring system settings to factory defaults
- 109 Changing to Transparent mode
- 110 Changing to NAT/Route mode
- 110 Restarting the FortiGate unit
- 110 Shutting down the FortiGate unit
- 111 System status
- 111 Viewing CPU and memory status
- 112 Viewing sessions and network status
- 113 Viewing virus and intrusions status
- 114 Session list
- 117 Virus and attack definitions updates and registration
- 117 Updating antivirus and attack definitions
- 118 Connecting to the FortiResponse Distribution Network
- 119 Manually initiating antivirus and attack definitions updates
- 120 Configuring update logging
- 120 Scheduling updates
- 120 Enabling scheduled updates
- 121 Adding an override server
- 122 Enabling scheduled updates through a proxy server
- 122 Enabling push updates
- 123 Enabling push updates
- 123 Push updates when FortiGate IP addresses change
- 124 Enabling push updates through a NAT device
- 124 Example: push updates through a NAT device
- 126 Adding a port forwarding virtual IP to the FortiGate NAT device
- 127 Adding a firewall policy for the port forwarding virtual IP
- 127 Configuring the FortiGate unit with an override push IP and port
- 128 Registering FortiGate units
- 129 FortiCare Service Contracts
- 130 Registering the FortiGate unit
- 131 Updating registration information
- 132 Recovering a lost Fortinet support password
- 132 Viewing the list of registered FortiGate units
- 133 Registering a new FortiGate unit
- 133 Adding or changing a FortiCare Support Contract number
- 134 Changing your Fortinet support password
- 134 Changing your contact information or security question
- 135 Downloading virus and attack definitions updates
- 136 Registering a FortiGate unit after an RMA
- 137 Network configuration
- 137 Configuring zones
- 138 Adding zones
- 138 Deleting zones
- 138 Configuring interfaces
- 139 Viewing the interface list
- 139 Changing the administrative status of an interface
- 139 Adding an interface to a zone
- 140 Configuring an interface with a manual IP address
- 140 Configuring an interface for DHCP
- 141 Configuring an interface for PPPoE
- 142 Adding a secondary IP address to an interface
- 142 Adding a ping server to an interface
- 143 Controlling administrative access to an interface
- 144 Changing the MTU size to improve network performance
- 144 Configuring traffic logging for connections to an interface
- 144 Configuring the management interface in Transparent mode
- 145 VLAN overview
- 146 VLANs in NAT/Route mode
- 146 Rules for VLAN IDs
- 146 Rules for VLAN IP addresses
- 147 Adding VLAN subinterfaces
- 147 Virtual domains in Transparent mode
- 149 Virtual domain properties
- 149 Configuring a virtual domain
- 149 Adding a virtual domain
- 150 Adding VLAN subinterfaces to a virtual domain
- 150 Adding zones to virtual domains
- 152 Adding firewall policies for virtual domains
- 152 Adding addresses for virtual domains
- 152 Adding firewall policies for virtual domains
- 153 Deleting virtual domains
- 153 Adding DNS server IP addresses
- 153 Configuring routing
- 154 Adding a default route
- 154 Adding destination-based routes to the routing table
- 155 Adding routes in Transparent mode
- 156 Configuring the routing table
- 156 Policy routing
- 157 Policy routing command syntax
- 157 Configuring DHCP services
- 158 Configuring a DHCP relay agent
- 158 Configuring a DHCP server
- 158 Adding a DHCP server to an interface
- 158 Adding scopes to a DHCP server
- 160 Adding a reserve IP to a DHCP server
- 160 Viewing a DHCP server dynamic IP list
- 161 RIP configuration
- 161 RIP settings
- 163 Configuring RIP for FortiGate interfaces
- 165 Adding RIP filters
- 165 Adding a RIP filter list
- 166 Assigning a RIP filter list to the neighbors filter
- 166 Assigning a RIP filter list to the incoming filter
- 167 Assigning a RIP filter list to the outgoing filter
- 169 System configuration
- 169 Setting system date and time
- 170 Changing system options
- 171 Modifying the Dead Gateway Detection settings
- 172 Adding and editing administrator accounts
- 172 Adding new administrator accounts
- 173 Editing administrator accounts
- 173 Configuring SNMP
- 174 Configuring the FortiGate unit for SNMP monitoring
- 174 Configuring FortiGate SNMP support
- 174 Configuring SNMP access to an interface
- 174 Configuring SNMP community settings
- 176 FortiGate MIBs
- 177 FortiGate traps
- 177 General FortiGate traps
- 177 System traps
- 178 VPN traps
- 178 NIDS traps
- 178 Antivirus traps
- 178 Logging traps
- 179 Fortinet MIB fields
- 179 System configuration and status
- 179 Firewall configuration
- 180 Users and authentication configuration
- 180 VPN configuration and status
- 180 NIDS configuration
- 180 Antivirus configuration
- 180 Web filter configuration
- 181 Logging and reporting configuration
- 181 Replacement messages
- 182 Customizing replacement messages
- 183 Customizing alert emails
- 185 Firewall configuration
- 186 Default firewall configuration
- 187 Interfaces
- 187 VLAN subinterfaces
- 187 Zones
- 188 Addresses
- 188 Services
- 188 Schedules
- 189 Content profiles
- 189 Adding firewall policies
- 190 Firewall policy options
- 190 Source
- 191 Destination
- 191 Schedule
- 191 Service
- 191 Action
- 192 NAT
- 192 VPN Tunnel
- 192 Traffic Shaping
- 193 Authentication
- 193 Anti-Virus & Web filter
- 194 Log Traffic
- 194 Comments
- 195 Configuring policy lists
- 195 Policy matching in detail
- 196 Changing the order of policies in a policy list
- 196 Enabling and disabling policies
- 196 Disabling policies
- 196 Enabling policies
- 197 Addresses
- 197 Adding addresses
- 198 Editing addresses
- 199 Deleting addresses
- 199 Organizing addresses into address groups
- 200 Services
- 200 Predefined services
- 203 Adding custom TCP and UDP services
- 204 Adding custom ICMP services
- 204 Adding custom IP services
- 204 Grouping services
- 205 Schedules
- 206 Creating one-time schedules
- 207 Creating recurring schedules
- 208 Adding schedules to policies
- 208 Virtual IPs
- 209 Adding static NAT virtual IPs
- 210 Adding port forwarding virtual IPs
- 212 Adding policies with virtual IPs
- 213 IP pools
- 213 Adding an IP pool
- 214 IP Pools for firewall policies that use fixed ports
- 214 IP pools and dynamic NAT
- 214 IP/MAC binding
- 215 Configuring IP/MAC binding for packets going through the firewall
- 216 Configuring IP/MAC binding for packets going to the firewall
- 216 Adding IP/MAC addresses
- 217 Viewing the dynamic IP/MAC list
- 217 Enabling IP/MAC binding
- 218 Content profiles
- 219 Default content profiles
- 219 Adding content profiles
- 221 Adding content profiles to policies
- 223 Users and authentication
- 224 Setting authentication timeout
- 224 Adding user names and configuring authentication
- 224 Adding user names and configuring authentication
- 225 Deleting user names from the internal database
- 226 Configuring RADIUS support
- 226 Adding RADIUS servers
- 226 Deleting RADIUS servers
- 227 Configuring LDAP support
- 227 Adding LDAP servers
- 228 Deleting LDAP servers
- 229 Configuring user groups
- 229 Adding user groups
- 230 Deleting user groups
- 231 IPSec VPN
- 232 Key management
- 232 Manual Keys
- 232 Automatic Internet Key Exchange (AutoIKE) with pre-shared keys or certificates
- 232 AutoIKE with pre-shared keys
- 232 AutoIKE with certificates
- 233 Manual key IPSec VPNs
- 233 General configuration steps for a manual key VPN
- 233 Adding a manual key VPN tunnel
- 235 AutoIKE IPSec VPNs
- 235 General configuration steps for an AutoIKE VPN
- 235 Adding a phase 1 configuration for an AutoIKE VPN
- 237 Configuring advanced options
- 240 Adding a phase 2 configuration for an AutoIKE VPN
- 242 Managing digital certificates
- 242 Obtaining a signed local certificate
- 242 Generating the certificate request
- 244 Downloading the certificate request
- 244 Importing the signed local certificate
- 244 Backing up and restoring the local certificate and private key
- 245 Obtaining CA certificates
- 245 Importing CA certificates
- 245 Configuring encrypt policies
- 246 Adding a source address
- 247 Adding a destination address
- 247 Adding an encrypt policy
- 249 IPSec VPN concentrators
- 250 VPN concentrator (hub) general configuration steps
- 251 Adding a VPN concentrator
- 252 VPN spoke general configuration steps
- 253 Redundant IPSec VPNs
- 254 Configuring redundant IPSec VPNs
- 255 Monitoring and Troubleshooting VPNs
- 255 Viewing VPN tunnel status
- 255 Viewing dialup VPN connection status
- 256 Testing a VPN
- 257 PPTP and L2TP VPN
- 257 Configuring PPTP
- 258 Configuring the FortiGate unit as a PPTP gateway
- 260 Configuring a Windows 98 client for PPTP
- 261 Configuring a Windows 2000 client for PPTP
- 261 Configuring a Windows XP client for PPTP
- 263 Configuring L2TP
- 263 Configuring the FortiGate unit as an L2TP gateway
- 265 Configuring a Windows 2000 client for L2TP
- 267 Configuring a Windows XP client for L2TP
- 269 Network Intrusion Detection System (NIDS)
- 269 Detecting attacks
- 270 Selecting the interfaces to monitor
- 270 Disabling monitoring interfaces
- 270 Configuring checksum verification
- 271 Viewing the signature list
- 271 Viewing attack descriptions
- 272 Disabling NIDS attack signatures
- 272 Adding user-defined signatures
- 273 Downloading the user-defined signature list
- 274 Preventing attacks
- 274 Enabling NIDS attack prevention
- 274 Enabling NIDS attack prevention signatures
- 275 Setting signature threshold values
- 276 Logging attacks
- 276 Logging attack messages to the attack log
- 276 Reducing the number of NIDS attack log and email messages
- 276 Automatic message reduction
- 277 Manual message reduction
- 279 Antivirus protection
- 279 General configuration steps
- 280 Antivirus scanning
- 281 File blocking
- 282 Blocking files in firewall traffic
- 282 Adding file patterns to block
- 283 Quarantine
- 283 Quarantining infected files
- 283 Quarantining blocked files
- 284 Viewing the quarantine list
- 284 Sorting the quarantine list
- 285 Filtering the quarantine list
- 285 Deleting files from the quarantine list
- 285 Downloading quarantined files
- 285 Configuring quarantine options
- 286 Blocking oversized files and emails
- 286 Configuring limits for oversized files and email
- 287 Exempting fragmented email from blocking
- 287 Viewing the virus list
- 289 Web filtering
- 289 General configuration steps
- 290 Content blocking
- 290 Adding words and phrases to the Banned Word list
- 291 Clearing the Banned Word list
- 292 Backing up the Banned Word list
- 292 Restoring the Banned Word list
- 293 URL blocking
- 293 Configuring FortiGate Web URL blocking
- 293 Adding URLs to the Web URL block list
- 294 Clearing the Web URL block list
- 295 Downloading the Web URL block list
- 295 Uploading a URL block list
- 296 Configuring FortiGate Web pattern blocking
- 296 Configuring Cerberian URL filtering
- 297 Installing a Cerberian license key
- 297 Adding a Cerberian user
- 297 Configuring Cerberian web filter
- 297 About the default group and policy
- 298 Enabling Cerberian URL filtering
- 299 Script filtering
- 299 Enabling script filtering
- 299 Selecting script filter options
- 300 Exempt URL list
- 300 Adding URLs to the URL Exempt list
- 301 Downloading the URL Exempt List
- 301 Uploading a URL Exempt List
- 303 Email filter
- 303 General configuration steps
- 304 Email banned word list
- 304 Adding words and phrases to the email banned word list
- 305 Downloading the email banned word list
- 305 Uploading the email banned word list
- 306 Email block list
- 306 Adding address patterns to the email block list
- 306 Downloading the email block list
- 307 Uploading an email block list
- 307 Email exempt list
- 308 Adding address patterns to the email exempt list
- 308 Adding a subject tag
- 309 Logging and reporting
- 309 Recording logs
- 310 Recording logs on a remote computer
- 310 Recording logs on a NetIQ WebTrends server
- 311 Recording logs on the FortiGate hard disk
- 312 Recording logs in system memory
- 312 Log message levels
- 313 Filtering log messages
- 314 Configuring traffic logging
- 315 Enabling traffic logging
- 315 Enabling traffic logging for an interface
- 315 Enabling traffic logging for a VLAN subinterface
- 315 Enabling traffic logging for a firewall policy
- 316 Configuring traffic filter settings
- 316 Adding traffic filter entries
- 317 Viewing logs saved to memory
- 317 Viewing logs
- 318 Searching logs
- 318 Viewing and managing logs saved to the hard disk
- 319 Viewing logs
- 319 Searching logs
- 320 Downloading a log file to the management computer
- 320 Deleting all messages from an active log
- 320 Deleting a saved log file
- 321 Configuring alert email
- 321 Adding alert email addresses
- 321 Testing alert email
- 322 Enabling alert email
- 323 Glossary
- 327 Index