autodoc konfiguration fortigate

Fortinet Configuration ReportHostname: FortiGate-310B_Demo_Unit

FortiGate FG310B

Firmware Version 4.00 build092 build date 090220 Report printed on jz-pc at 03/29/09 17:59:00 with autodoc Version 8.10

www.autodoc.ch www.eSafety-Solutions.de AUTODOC SUL

Firewall Report (c) BOLL Engineering AG Page: 1

1. System ConfigurationHost Name: FortiGate-310B_Demo_Unit

System is running in NAT/Route Mode

Def. GW: 192.168.100.1

port2: 192.168.100.99/24 port1: 192.168.1.99/24port4: 10.10.10.1/24port9: 10.10.11.24/24

1.1 Network

1.1.1 Interface

Name IP - Netmask Access Mode Type Logport1 192.168.1.99 255.255.255.0 ping https manual physical port2 192.168.100.99 255.255.255.0 ping manual physical port4 10.10.10.1 255.255.255.0 ping manual physical port9 (Ext_Mgnt) 10.10.11.24 255.255.255.0 ping https ssh

snmp http manual physical

ssl.root manual tunnel

1.1.1.1 Tunnel Interface Configuration

Name Interface IP Remote IP Access Log ssl.root



1.1.2 Options

DNS Server IP Primary 65.39.139.53 Secondary 65.39.139.63 Local Domain Name ''

Dead Gateway Detection Detection Interval 5 seconds Fail-over Detection 5 lost consecutive pings

1.2 Config

1.2.1 Time

Timezone Adjust for Daylight Saving Changes (GMT-08:00) Pacific Time (US&Canada) enable

Set Time Manual

1.2.2 Replacement Messages

Mail Virus message "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been

removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"."

File block message "Potentially Dangerous Attachment Removed. The file \"%%FILE%%\" has been blocked. File quarantined as: \"%%QUARFILENAME%%\"."

Oversized file message This email has been blocked. The email message is larger than the configured file size limit. Fragmented email Fragmented emails are blocked.

Virus message (splice mode) The file %%FILE%% has been infected with the virus %%VIRUS%% File quarantined as %%QUARFILENAME%%

File block message (splice mode) The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%% Oversized file message (splice mode) This message is larger than the configured limit and has been blocked.



HTTP Virus message "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to download

the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\". </p><p>URL = http://%%URL%%</p><p>File quarantined as: %%QUARFILENAME%%.</p></BODY></HTML>"

Incection cache message <HTML><BODY><H2>High security alert!!!</h2><p>The URL you requested was previously found to be infected.</p><p>URL = http://%%URL%%</p></BODY></HTML> File block message "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to download the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY> </HTML>" Oversized file message "<HTML><BODY> <h2>Attention!!!</h2><p>The file \"%%FILE%%\" has been blocked. The file is larger than the configured file size limit.</p> <p>URL = http://%%URL%%</p> </BODY></HTML>"

Banned word message <HTML><BODY>The page you requested has been blocked because it contains a banned word. URL = http://%%URL%%</BODY></HTML>

URL block message <HTML><BODY>The URL you requested has been blocked. URL = %%URL%%</BODY></HTML>

Client block "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to upload the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY> </HTML>"

Client anti-virus "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to upload the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\". </p><p>URL = http://%%URL%%</p><p>File quarantined as: %%QUARFILENAME%%.</p></BODY></HTML>"

Client filesize <HTML><BODY> <h2>Attention!!!</h2><p>Your request has been blocked. The request is larger than the configured file size limit.</p> <p>URL = http://%%URL%%</p> </BODY></HTML>

Client banned word <HTML><BODY>The page you uploaded has been blocked because it contains a banned word. URL = http://%%URL%%</BODY></HTML>

FTP Virus message Transfer failed. The file %%FILE%% is infected with the virus %%VIRUS%%. File

quarantined as %%QUARFILENAME%%. Blocked message "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"." Oversized message File size limit exceeded.

NNTP virus message "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been

removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"."

blocked message The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%% oversize message This article has been blocked. The article is larger than the configured file size limit.

Alert Mail virus message Virus/Worm detected: %%VIRUS%% Protocol: %%PROTOCOL%% Source IP:

%%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%%

block message File Block Detected: %%FILE%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%%

intrusion message The following intrusion was observed: %%NIDS_EVENT%%. critical event message The following critical firewall event was detected: %%CRITICAL_EVENT%%. disk full message The log disk is Full.

Spam Email IP Mail from this IP address is not allowed and has been blocked. RBL/ORDBL message HELO/EHLO domain This message has been blocked because the HELO/EHLO domain is invalid. Email address Mail from this email address is not allowed and has been blocked. Mime header This message has been blocked because it contains an invalid header. Returned email domain This message has been blocked because the return email domain is invalid. Banned word This message has been blocked because it contains a banned word. Spam submission message If this email is not spam, click here to submit the signatures to FortiGuard - AntiSpam

Service.



Administration Login Disclaimer "W A R N I N G W A R N I N G W A R N I N G W A R N I N G

Authentication Disclaimer page "<HTML><HEAD><TITLE>Firewall Disclaimer</TITLE></HEAD><BODY><FORM

ACTION=\"/\" method=\"POST\"><INPUT TYPE=\"hidden\" NAME=\"%%MAGICID%%\" VALUE=\"%%MAGICVAL%%\"><INPUT TYPE=\"hidden\" NAME=\"%%ANSWERID%%\" VALUE=\"%%DECLINEVAL%%\"><INPUT TYPE=\"hidden\" NAME=\"%%REDIRID%%\" VALUE=\"%%PROTURI%%\"><TABLE ALIGN=\"CENTER\" width=400 height=250 cellpadding=2 cellspacing=0 border=0 bgcolor=\"#008080\"><TR><TD><TABLE border=0 width=\"100%\" height=\"100%\" cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30 bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\" color=\"#ffffff\">DisclaimerAgreement</font></b></TD><TR><TR height=\"100%\"><TD><TABLE border=0 cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD colspan=2><font size=2 face=\"Times New Roman\">You are about to access Internet content that is not under the control of the network access provider. The network access provider is therefore not responsible for any of these sites, their content or their privacy policies. The network access provider and its staff do not endorse nor make any representations about these sites, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any Internet content, you do this entirely at your own risk and you are responsible for ensuring that any accessed material does not infringe the laws governing, but not exhaustively covering, copyright, trademarks, pornography, or any other material which is slanderous, defamatory or might cause offence in any other way.</font></TD></TR><TR><TD>Do you agree to the above terms?</TD></TR><TR><TD><INPUT CLASS=\"button\" TYPE=\"button\" VALUE=\"Yes, I agree\" ONCLICK=\"agree()\"><INPUT CLASS=\"button\" TYPE=\"button\" VALUE=\"No, I decline\" ONCLICK=\"decline()\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FOLANGUAGE=\"JavaScript\">function agree(){document.forms[0].%%ANSWERID%%.value=\"%%AGREEVAL%%\";document.forms[0]decline(){document.forms[0].submit();}</SCRIPT></BODY></HTML>" '' ''

Declined disclaimer page "<HTML><HEAD><TITLE>Firewall Disclaimer Declined</TITLE></HEAD><BODY><FORM ACTION=\"/\" method=\"POST\"><INPUT TYPE=\"hidden\" NAME=\"%%MAGICID%%\" VALUE=\"%%MAGICVAL%%\"><INPUT TYPE=\"hidden\" NAME=\"%%REDIRID%%\" VALUE=\"%%PROTURI%%\"><TABLE ALIGN=\"CENTER\" width=400 height=250 cellpadding=2 cellspacing=0 border=0 bgcolor=\"#008080\"><TR><TD><TABLE border=0 width=\"100%\" height=\"100%\" cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30 bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\" color=\"#ffffff\">DisclaimerDeclined</font></b></TD><TR><TR height=\"100%\"><TD><TABLE border=0 cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD colspan=2><font size=2 face=\"Times New Roman\">Sorry, network access cannot be granted unless you agree to the disclaimer.</font></TD><TR><TR><TD></TD><TD><INPUT TYPE=\"submit\" VALUE=\"Return to Disclaimer\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FORM></BO

Login page "<HTML><HEAD><TITLE>Firewall Authentication</TITLE></HEAD><BODY><FORM ACTION=\"/\" method=\"POST\"><INPUT TYPE=\"hidden\" NAME=\"%%MAGICID%%\" VALUE=\"%%MAGICVAL%%\"><TABLE ALIGN=\"CENTER\" width=400 height=250 cellpadding=2 cellspacing=0 border=0 bgcolor=\"#008080\"><TR><TD><TABLE border=0 cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30 bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\" color=\"#ffffff\">Authentication Required</font></b></TD></TR><TR><TD><TABLE border=0 cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD colspan=2><font size=2 face=\"Times New Roman\">%%QUESTION%%</font></TD></TR><TR><TD><font size=2 face=\"Times New Roman\">Username:</font></TD><TD><INPUT TYPE=\"text\" NAME=\"%%USERNAMEID%%\" size=25></TD></TR><TR><TD><font size=2 face=\"Times New Roman\">Password:</font></TD><TD><INPUT TYPE=\"password\" NAME=\"%%PASSWORDID%%\" size=25></TD></TR><TR><TD><INPUT TYPE=\"hidden\" NAME=\"%%REDIRID%%\" VALUE=\"%%PROTURI%%\"><INPUT TYPE=\"submit\" VALUE=\"Continue\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FOR

Login failed page "<HTML><HEAD><TITLE>Firewall Authentication</TITLE></HEAD><BODY><FORM ACTION=\"/\" method=\"POST\"><INPUT TYPE=\"hidden\" NAME=\"%%MAGICID%%\" VALUE=\"%%MAGICVAL%%\"><TABLE ALIGN=\"CENTER\" width=400 height=250 cellpadding=2 cellspacing=0 border=0 bgcolor=\"#008080\"><TR><TD><TABLE border=0 cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30 bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\" color=\"#ffffff\">Authentication Failed</font></b></TD></TR><TR><TD><TABLE border=0 cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD colspan=2><font size=2 face=\"Times New Roman\">%%FAILED_MESSAGE%%</font></TD></TR><TR><TD><font size=2 face=\"Times New Roman\">Username:</font></TD><TD><INPUT TYPE=\"text\" NAME=\"%%USERNAMEID%%\" size=25></TD></TR><TR><TD><font size=2 face=\"Times New Roman\">Password:</font></TD><TD><INPUT TYPE=\"password\" NAME=\"%%PASSWORDID%%\" size=25></TD></TR><TR><TD><INPUT TYPE=\"hidden\" NAME=\"%%REDIRID%%\" VALUE=\"%%PROTURI%%\"><INPUT TYPE=\"submit\" VALUE=\"Continue\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FOR

Login challenge page Keepalive page "<HTML>



FortiGuard Web Filtering URL block message "<html><head><title>Web Filter Violation</title></head><body><font size=2><table

width=\"100%\"><tr><td>%%FORTIGUARD_WF%%</td><td align=\"right\">%%FORTINET%%</td></tr><tr><td bgcolor=#ff6600 align=\"center\" colspan=2><font color=#ffffff><b>Web Page Blocked</b></font></td></tr></table><br><br>You have tried to access a web page which is in violation of your internet usage policy.<br><br>URL: %%URL%%<br>Category: %%CATEGORY%%<br><br>Tohave the rating of this web page re-evaluated <u><a href=\"%%FTGD_RE_EVAL%%\">please click here</a></u>.<br>%%OVERRIDE%%<br><hr><br>Powered by %%SERVICE%%.</font></body></html>" HTTP error message "<html><head><title>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</title></head><body><font size=2><table width=\"100%\"><tr><td>%%FORTIGUARD_WF%%</td><td align=\"right\">%%FORTINET%%</td></tr><tr><td bgcolor=#3300cc align=\"center\" colspan=2><font color=#ffffff><b>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</b></font></td></tr></table><br><br>The webserver for %%URL%% reported that an error occurred while trying to access the website. Please click <u><a onclick=\"history.back()\">here</a></u> to return to the previous page.<br><br><hr><br>Powered by %%SERVICE%%.</font></body></html>"

FortiGuard Web Filtering override form "<html><head><title>Web Filter Block Override</title></head><body><font size=2><table width=\"100%\"><tr><td>%%FORTIGUARD_WF%%</td><td align=\"right\">%%FORTINET%%</td></tr><tr><td bgcolor=#3300cc align=\"center\" colspan=2><font color=#ffffff><b>Web Filter Block Override</b></font></td></tr><tr><tdcolspan=2><br><br>If you have been granted override creation privileges by your administrator, you can enter your username and password here to gain immediate access to the blocked web-page. If you do not have these privileges, please contact your administrator to gain access to the web-page.<br><br></td></tr><tr><td align=\"center\" colspan=2>%%OVRD_FORM%%</td></tr></table><br><br><hr><br>Powered by %%SERVICE%%.</font></body></html>"

IM and P2P File block message "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"." File name block message "Transfer %%ACTION%%. The file name \"%%FILE%%\" matches the configured file

name block list." Virus message "Transfer %%ACTION%%. The file \"%%FILE%%\" is infected with the virus

%%VIRUS%%. File quarantined as %%QUARFILENAME%%." Oversized file message "Transfer %%ACTION%%. The file \"%%FILE%%\" is larger than the configured limit." Voice chat block message Connection failed. You are not permitted to use voice chat. Photo share block message Photo sharing failed. You are not permitted to share photo.

SSL VPN SSL VPN login message "<html><head><title>login</title><meta http-equiv=\"Pragma\"

content=\"no-cache\"><meta http-equiv=\"cache-control\" content=\"no-cache\"><meta http-equiv=\"cache-control\" content=\"must-revalidate\"><link href=\"/sslvpn/css/login.css\" rel=\"stylesheet\" type=\"text/css\"><script language=\"JavaScript\"></script></head><body class=\"main\"><center><table width=\"100%\" height=\"100%\" align=\"center\" class=\"container\" valign=\"middle\" cellpadding=\"0\" cellspacing=\"0\"><tr valign=middle><td><form action=\"%%SSL_ACT%%\" method=\"%%SSL_METHOD%%\" name=\"f\"><table class=\"list\" cellpadding=10 cellspacing=0 align=center width=400 height=180>%%SSL_LOGIN%%</table>%%SSL_HIDDEN%%</td></tr></table></form></center

1.3 Admin

1.3.1 Administrators

Adminstrator Permission Type VDOM Trusted Host #1 / #2 / #3 Schedule admin super_admin regular root 0.0.0.0/0 0.0.0.0/0 127.0.0.1/32 always demo demo_profile regular root 0.0.0.0/0 0.0.0.0/0 127.0.0.1/32 always seuser SE_Profile regular root 0.0.0.0/0 0.0.0.0/0 127.0.0.1/32 always



1.3.2 Access Profile

prof_admin Access Control Rights Maintenance read-write Admin Users read-write FortiGuard Update read-write Auth Users read-write System Configuration read-write Network Configuration read-write Webfilter Configuration none Spamfilter Configuration none Antivirus Configuration none IPS Configuration none Router Configuration read-write VPN Configuration read-write Firewall Configuration read-write Log & Report read-write

demo_profile Access Control Rights Maintenance read Admin Users read FortiGuard Update read Auth Users read-write System Configuration read Network Configuration read Webfilter Configuration none Spamfilter Configuration none Antivirus Configuration none IPS Configuration none Router Configuration read VPN Configuration read-write Firewall Configuration read-write Log & Report read-write

SE_Profile Access Control Rights Maintenance read-write Admin Users read FortiGuard Update read-write Auth Users read-write System Configuration read Network Configuration read Webfilter Configuration none Spamfilter Configuration none Antivirus Configuration none IPS Configuration none Router Configuration read-write VPN Configuration read-write Firewall Configuration read-write Log & Report read-write



1.3.3 Settings

Parameter Key Administration Ports HTTP 80 HTTPS 443 SSLVPN Login Port 10443 SSH 22 Telnet 23 Timeout Settings Idle Timeout 5 Auth Timeout Display Settings Language English Lines Per Page 50 Virtual Domain Configuration disable

1.4 Maintenance

1.4.1 USB Auto-Install

Paramater Key Update Fortigate Configuration at restart Yes - use config file name fgt_system.conf Update Fortigate Firmware at restart Yes - use firmware file name image.out

1.4.2 FortiGuard Center

AntiVirus and IPS Options Use override Server Address No Allow Push Update No Scheduled Update No

Web Filtering and AntiSpam Options Web Filter Service disable Anti Spam Service disable AV Query Service disable Use Port 53

Management Service Options Account ID mktgdemo

2. Router2.1 Static Routes

# Destination IP / Mask Gateway Device Distance Priority 1 0.0.0.0 0.0.0.0 192.168.100.1 port2 10 0 2 0.0.0.0 0.0.0.0 172.30.7.254 port10(Int_Mgnt) 10 0 3 0.0.0.0 0.0.0.0 10.10.11.254 port9(Ext_Mgnt) 10 0



2.2 RIP

2.2.1 General

Parameter Value RIP Version 2 Default Metric 1 Default-information-originate disable RIP Timers Update 30 sec.; Timeout 180 sec.; Garbage 120 sec. Redistribute connected: disabled static: disabled ospf: disabled bgp: disabled



3. Firewall3.1 Policy Overview

3.1.1 any -> any

ID Source Destination Schedule Service Action NAT Anti-Virus Log Status 8 Any Any always ANY deny enable enable

3.1.2 port1 -> port2

ID Source Destination Schedule Service Action NAT Anti-Virus Log Status 5 Bob anygroup always NTP accept enable enable


ID Source Destination Schedule Service Action NAT Anti-Virus Log Status 7 Block Any always "DNS, HTTP,

HTTPS, NTP"accept enable YYYY enable


ID Source Destination Schedule Service Action NAT Anti-Virus Log Status 4 AddressLocal AddressPeer always ANY ipsec enable enable


ID Source Destination Schedule Service Action NAT Anti-Virus Log Status 6 Any binding always FTP accept enable enable

3.2 Policy Detail

3.2.1 any -> any

ID 8 Source Any Subnet 0.0.0.0/0 Destination Any Subnet 0.0.0.0/0 Schedule always Recurring Schedule: sunday monday tuesday wednesday thursday

friday saturday Service ANY Predefined Service Action deny Log enable Comments deny rule to end




ID 5 Source Bob IP 10.1.1.54 Destination anygroup Address Group: Any Schedule always Recurring Schedule: sunday monday tuesday wednesday thursday

friday saturday Service NTP Predefined Service Action accept Protection Profile Not activated Log enable Comments test rule


ID 7 Source Block Subnet 0.0.0.0/0 Destination Any Subnet 0.0.0.0/0 Schedule always Recurring Schedule: sunday monday tuesday wednesday thursday

friday saturday Service "DNS, HTTP, HTTPS, NTP" Multiple Services Action accept NAT enable Dynamic IP Pool: disabled; Fixed Port: disabled Protection Profile YYYY Log disable


ID 4 Source AddressLocal IP 10.3.4.5 Destination AddressPeer IP 192.168.4.2 Schedule always Recurring Schedule: sunday monday tuesday wednesday thursday

friday saturday Service ANY Predefined Service Action ipsec VPN Tunnel Tunnel Allow inbound Allow outbound; Protection Profile Not activated Log enable


ID 6 Source Any Subnet 0.0.0.0/0 Destination binding Static NAT (VIP): port2/125.35.45.15 -> 172.16.1.2 Schedule always Recurring Schedule: sunday monday tuesday wednesday thursday

friday saturday Service FTP Predefined Service Action accept NAT enable Dynamic IP Pool: disabled; Fixed Port: disabled Protection Profile Not activated Log disable



3.3 Addresses & Groups

3.3.1 Address

Type Adress Name Value Interface IP Bob 10.1.1.54 AddressPeer 192.168.4.2 AddressLocal 10.3.4.5 Peter 10.10.1.1 santhi 125.35.45.15 ftp 172.16.1.2 toll1 172.16.1.20 SUBNET Any 0.0.0.0 0.0.0.0 sdf 0.0.0.0 0.0.0.0 dergham 192.168.250.0 255.255.255.0 port4

3.3.2 Address-Groups

Group Name Member dergham2 "Any" "Bob" anygroup Any

3.4 Services

3.4.1 Custom Services

Service Name Detail sqlnet TCP: 1526-1526:1-65535 Checkpoint UDP: 500-500:500-500 DIXICHENG TCP: 6000-6000:1-65535 NExT IP: 4

3.4.2 Service Group

Group Name Members dddd "FTP" "OSPF" "UDP" AWP MYSQL abc AH

3.5 Schedule

3.5.1 One-time Schedules

Name Start End 3mart 00:00 2009/03/01 00:00 2009/03/30

3.5.2 Recurring Schedules

Name Day Start Stop always sunday monday tuesday wednesday thursday friday saturday 00:00 00:00 Business Afternoon monday tuesday wednesday thursday friday 13:00 05:30



3.6 Virtual IP

3.6.1 Virtual IP

Name Type Interface / IP / Port Map to IP / Port HTTP Multiplexing sever test1 server-load-balance port2 / 10.10.10.10 Real Server:Port Interval (Dead/Wake) Weight Health Check 20.20.20.20:80 10/10 1 30.30.30.30:80 10/10 1

prova static-nat port2 / 100.155.150.11 172.20.10.200 mail static-nat port2 / 203.131.67.18 / 441(tcp) 192.168.0.2 / 441 binding static-nat port2 / 125.35.45.15 172.16.1.2 toll static-nat port2 / 125.35.45.20 172.16.1.10

3.6.2 Health Check Monitor

Name Type Details Interval / Timeout / Retry server test health http URL (http:\\\\10.10.10.10) Match () port (80) 10 / 2 / 3

3.6.3 IP Pool

Name Interface Start IP End IP asdasda port1 0.0.0.0 0.0.0.0 1321 port5 192.168.0.1 192.168.0.1 dmz-1 port2 192.168.100.98 192.168.100.255 dmz-2 port2 192.168.100.97 192.168.100.97 adfdfsd port1 1.0.0.0 2.0.0.0

3.7 Protection Profile



3.7.1 Sales

Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options Virus Scan enable File Filter Quarantine Pass Fragmented Emails enable enable enable Comfort Clients Oversized File/Email) pass pass pass pass pass pass Threshold (MB) 1 10 10 10 10 10 Splice enable enable

Add signature to outgoing emails disable

Web Filtering HTTP HTTPS Options Web Content Block - Threshold: 10 Web Content Exempt Web URL Filter Web ActiveX Filter Web Cookie Filter Web Java Applet Filter Web Resume Download Block Block invalid URLs Allow unknown SSL session IDs

Web Category Filtering HTTP HTTPS Options Enable FortiGuard Web Filtering Enable FortiGuard Web Filtering Overrides Details for blocked HTTP 4xx and 5xx errors Rate images by URL Allow websites when a rating error occurs Strict blocking enable enable Rate URLs by domain and IP address

Spam Filtering IMAP POP3 SMTP Options FortiGuard Anti-spam IP address check URL check E-mail checksum check Spam submission enable enable enable IP address BWL check HELO DNS lookup E-mail address BWL check Return e-mail DNS check Banned word check - Threshold: 10 Spam Action tag tag discard Append to: Subject Subject Subject Append with: Spam Spam Spam

IPS Critical High Medium Low InformationIPS Signature IPS Anomaly



Content/Archive HTTP HTTPS FTP IMAP POP3 SMTP Display content meta-information on dashboard enable enable enable enable enable enable Archive content meta-information to FortiAnalyzer None None None None None None Archive a copy of all files transferred Log emails to FortiAnalyzer

AIM ICQ MSN Yahoo! Archive IM summary information to FortiAnalyzer Archive full IM chat information to FortiAnalyzer

IM AIM ICQ MSN Yahoo! Enabled Block Login Block File Transfers Block Audio Inspect Non-standard Port

BitTorrenteDonkey Gnutella KaZaa Skype WinNY Action pass pass pass pass pass pass Limit (KBytes/s)

Logging AV Web Filtering FortiGuard Web Filtering Spam Filtering IPS IM/P2P VoIP



3.7.2 nae

Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options Virus Scan enable File Filter Quarantine Pass Fragmented Emails enable enable enable Comfort Clients Oversized File/Email) pass pass pass pass pass pass Threshold (MB) 10 10 10 10 10 10 Splice enable enable















3.7.3 webblock

Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options Virus Scan File Filter Quarantine Pass Fragmented Emails enable enable enable Comfort Clients Oversized File/Email) pass pass pass pass pass pass Threshold (MB) 10 10 10 10 10 10 Splice enable enable


Web Filtering HTTP HTTPS Options Web Content Block - Threshold: 10 Web Content Exempt Web URL Filter webblock Web ActiveX Filter Web Cookie Filter Web Java Applet Filter Web Resume Download Block Block invalid URLs Allow unknown SSL session IDs













3.7.4 YYYY

Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options Virus Scan enable enable enable enable enable enable File Filter Quarantine Pass Fragmented Emails enable enable enable Comfort Clients Oversized File/Email) pass pass pass pass pass pass Threshold (MB) 10 10 10 10 10 10 Splice enable enable















3.7.5 deneme
















3.7.6 bfg
















3.7.7 testmio
















4. VPN4.1 IPSec

4.1.1 AutoKey - Tunnel Mode

Phase 1 Remote Gateway Local IF Proposal Tunnel Static/10.7.3.4 port1 MM / aes256-sha1 aes128-sha1 /

DH: 2 Auth-Method: Preshared Key XAuth: disable Peer Options: Accept any peer ID Local ID: Keylife: 86400 Dead Peer Detection: disable Nat-traversal: disable

Phase 2 Proposal Selectors TunnelIPSEC aes256-sha1 aes128-sha1 / without PFS Src: 192.168.1.1:0 - Dst: 0.0.0.0/0:0 - Protocol: 0 Replay Detection: disable Autokey Keep Alive: enable Keylife: 3600 sec DHCP-IPsec: disable Auto-negotiate: disable Single-Source: disable

Phase 1 Remote Gateway Local IF Proposal ippolisy Static/41.11.10.1 port9 MM / 3des-sha1 aes128-sha1 / DH:

5 Auth-Method: Preshared Key XAuth: disable Peer Options: Accept any peer ID Local ID: Keylife: 28800 Dead Peer Detection: disable Nat-traversal: disable

Phase 1 Remote Gateway Local IF Proposal phase1_home_office Static/92.156.34.0 port1 AG / 3des-sha1 aes128-sha1 / DH:

5 Auth-Method: Preshared Key XAuth: disable Peer Options: Accept any peer ID Local ID: Keylife: 28800 Dead Peer Detection: disable Nat-traversal: disable

4.1.2 Concentrator

Concentrator Name Members TunnelCon Tunnel

4.2 SSL-VPN

4.2.1 Config

Login Port Tunnel IP Range Server Certificate Client Certificate Enc.-Alg. Idle Timeout 10443 10.0.0.20-10.0.0.80 self-sign not required default 300 sec Portal Message Authentication Timeout 28800 sec SSLv2 disable



5. User5.1 Local User

User Name Type Status user1 Local enabled cwindsor LDAP-Server: test2 enabled test Local enabled ricardo Local enabled user2 Local enabled

5.2 LDAP

Name Server Name/IP Port CN Identifier Distinguished Name test2 192.168.1.146 389 wut

5.3 User Group

Group Name Type Members Protection ProfileAdditional FSAE_Guest_Users Directory Service

group1 Firewall user1 fcv Firewall group Firewall "user1" "user2" ssl SSL VPN "cwindsor" "user1"

CD SSL VPN

Grupo_SSL SSL VPN "ricardo" "test2"

5.4 Authentication Settings

Parameter Value Authentication Timeout 5 minutes Protocol Support http https ftp telnet Certificate self-sign



6. Anti-Virus6.1 Antivirus Internal Settings

Options HTTP FTP IMAP POP3 SMTP IM NNTP Scanned Ports Scan Bzip2 disable disable disable disable disable disable disable Scan Depth for compressed files 12 12 12 12 12 12 12 Max. uncompressed file size (MB) 10 10 10 10 10 10 10

6.2 File Pattern

Filepattern List test123

Pattern Filter Type File Type Action Enabled for exe type exe block imap smtp pop3 http ftp im nntp

imaps smtps pop3s https mp3 pattern block imap smtp pop3 http ftp im nntp

imaps smtps pop3s https sis type sis block imap smtp pop3 http ftp im nntp

imaps smtps pop3s https

Filepattern List exe

Pattern Filter Type File Type Action Enabled for exe type exe block imap smtp pop3 http ftp im nntp

imaps smtps pop3s https .exe pattern block imap smtp pop3 http ftp im nntp


Filepattern List HIT TEST

Pattern Filter Type File Type Action Enabled for cod type cod block imap smtp pop3 http ftp im nntp


Filepattern List xiech

Comment: muma

Pattern Filter Type File Type Action Enabled for

Filepattern List test

Pattern Filter Type File Type Action Enabled for .exe pattern block imap smtp pop3 http ftp im nntp

imaps smtps pop3s https .com pattern block imap smtp pop3 http ftp im nntp

imaps smtps pop3s https exe type exe block imap smtp pop3 http ftp im nntp




6.3 Quarantine

6.3.1 Config

Options HTTP FTP IMAP POP3 SMTP IM NNTP Quarantine Infected Files Quarantine Suspicious Files Quarantine Blocked Files

Parameter Value Age Limits 0 Max Filesize to Quarantine 40 Quarantine To Disk Low Disk Space overwrite oldest file

Parameter Value Enable AutoSubmit disable

6.4 Grayware

Category Status Adware enable Dial enable Game enable Joke P2P Spy Keylog Hijacker Plugin NMT RAT Misc BHO enable Toolbar Download enable HackerTool enable

7. Intrusion Protection

8. Web Filter8.1 Web Content Block

Banned Word List: test

Comment: test

Pattern Pattern Type Language Score Status 10.10.10.1 regexp western 10 enable



8.2 Web Content Exempt

Banned Word Exempt List: test_list

Comment: test_list

Pattern Pattern Type Language Status

8.3 URL Filter

URL Filter List: test_url

Comment: test_url

URL Action Type Status ik block simple enable

URL Filter List: URLT10

URL Action Type Status www.block.com block simple enable

URL Filter List: webblock

URL Action Type Status www.thaicybergames.com block simple enable

8.4 FortiGuard - Web Filter

8.4.1 Local Categories

Local Category Name a1

9. Spam Filter9.1 Banned Word

Banned Word List test

Num Pattern Pattern Type Language Where Score Status

9.2 IP Address Black/White List

IP Address List iptest

Num IP Address / Mask Action Status

9.3 Email Address Black/White List

Email Address List 123

Num Pattern Pattern Type Action Status



10. IMUser Protocol Policy [email protected] YAHOO permit

Unknown Users MSN Yahoo! AIM ICQ deny deny deny deny

11. Log11.1 Log Setting

FortiAnalyzer IP Log Level Encryption LocalID 1 disabled 2 disabled 3 disabled

Syslog Server IP:Port Log Level Facility CSV 1 209.87.230.134:514 alert local7 enable 2 disabled 3 disabled

WebTrends IP Log Level disabled

Memory Log Level Action when memory is reaching its capacity enabled debug overwrite

11.2 Event Log Filter

Event Category Log System activity event enable IPSec negotiation event enable DHCP service event disable L2TP/PPTP/PPPoE service event enable Admin event enable HA activity event enable Firewall authentication event enable Pattern update event enable SSL VPN user authentication event enable SSL VPN administration event enable SSL VPN session event enable

Documents

autodoc konfiguration fortigate