Autodoc Konfiguration Fortigate

Fortinet Configuration Report
Hostname: FortiGate-310B_Demo_Unit
FortiGate FG310B
Firmware Version 4.00 build092 build date 090220
Report printed on jz-pc at 03/29/09 17:59:00 with autodoc Version 8.10

www.autodoc.ch www.eSafety-Solutions.de AUTODOC SUL
1. System Configuration
Host Name: FortiGate-310B_Demo_Unit
System is running in NAT/Route Mode
Def. GW: 192.168.100.1
port2: 192.168.100.99/24 port1: 192.168.1.99/24

port4: 10.10.10.1/24
port9: 10.10.11.24/24
1.1 Network
1.1.1 Interface
Name IP - Netmask Access Mode Type Log
port1 192.168.1.99 255.255.255.0 ping https manual physical
port2 192.168.100.99 255.255.255.0 ping manual physical
port4 10.10.10.1 255.255.255.0 ping manual physical
port9 (Ext_Mgnt) 10.10.11.24 255.255.255.0 ping https ssh manual physical
snmp http
ssl.root manual tunnel
1.1.1.1 Tunnel Interface Configuration

Name Interface IP Remote IP Access Log
ssl.root
Firewall Report (c) BOLL Engineering AG Page: 1

1.1.2 Options
DNS Server IP
Primary 65.39.139.53
Secondary 65.39.139.63
Local Domain Name ''
Dead Gateway Detection

Detection Interval 5 seconds
Fail-over Detection 5 lost consecutive pings
1.2 Config
1.2.1 Time
Timezone Adjust for Daylight Saving Changes
(GMT-08:00) Pacific Time (US&Canada) enable
Set Time
Manual
1.2.2 Replacement Messages

Mail
Virus message "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been
removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File
quarantined as: \"%%QUARFILENAME%%\"."
File block message "Potentially Dangerous Attachment Removed. The file \"%%FILE%%\" has been
blocked. File quarantined as: \"%%QUARFILENAME%%\"."
Oversized file message This email has been blocked. The email message is larger than the configured file size
Fragmented email limit.
Fragmented emails are blocked.
Virus message (splice mode) The file %%FILE%% has been infected with the virus %%VIRUS%% File quarantined
as %%QUARFILENAME%%
File block message (splice mode) The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%
Oversized file message (splice mode) This message is larger than the configured limit and has been blocked.

HTTP
Virus message "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to download
the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".
</p><p>URL = http://%%URL%%</p><p>File quarantined as:
%%QUARFILENAME%%.</p></BODY></HTML>"
Incection cache message <HTML><BODY><H2>High security alert!!!</h2><p>The URL you requested was
previously found to be infected.</p><p>URL =
File block message http://%%URL%%</p></BODY></HTML>
"<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to
download the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY>
Oversized file message </HTML>"
"<HTML><BODY> <h2>Attention!!!</h2><p>The file \"%%FILE%%\" has been blocked.
The file is larger than the configured file size limit.</p> <p>URL =
http://%%URL%%</p> </BODY></HTML>"
Banned word message <HTML><BODY>The page you requested has been blocked because it contains a
banned word. URL = http://%%URL%%</BODY></HTML>
URL block message <HTML><BODY>The URL you requested has been blocked. URL =
%%URL%%</BODY></HTML>
Client block "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to upload
the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY> </HTML>"
Client anti-virus "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to upload
the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".
</p><p>URL = http://%%URL%%</p><p>File quarantined as:
%%QUARFILENAME%%.</p></BODY></HTML>"
Client filesize <HTML><BODY> <h2>Attention!!!</h2><p>Your request has been blocked. The
request is larger than the configured file size limit.</p> <p>URL =
http://%%URL%%</p> </BODY></HTML>
Client banned word <HTML><BODY>The page you uploaded has been blocked because it contains a
banned word. URL = http://%%URL%%</BODY></HTML>
FTP
Virus message Transfer failed. The file %%FILE%% is infected with the virus %%VIRUS%%. File
quarantined as %%QUARFILENAME%%.
Blocked message "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"."
Oversized message File size limit exceeded.
NNTP
virus message "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been
removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File
quarantined as: \"%%QUARFILENAME%%\"."
blocked message The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%
oversize message This article has been blocked. The article is larger than the configured file size limit.
Alert Mail
virus message Virus/Worm detected: %%VIRUS%% Protocol: %%PROTOCOL%% Source IP:
%%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From:
%%EMAIL_FROM%% Email Address To: %%EMAIL_TO%%
block message File Block Detected: %%FILE%% Protocol: %%PROTOCOL%% Source IP:
%%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From:
%%EMAIL_FROM%% Email Address To: %%EMAIL_TO%%
intrusion message The following intrusion was observed: %%NIDS_EVENT%%.
critical event message The following critical firewall event was detected: %%CRITICAL_EVENT%%.
disk full message The log disk is Full.
Spam
Email IP Mail from this IP address is not allowed and has been blocked.
RBL/ORDBL message
HELO/EHLO domain This message has been blocked because the HELO/EHLO domain is invalid.
Email address Mail from this email address is not allowed and has been blocked.
Mime header This message has been blocked because it contains an invalid header.
Returned email domain This message has been blocked because the return email domain is invalid.
Banned word This message has been blocked because it contains a banned word.
Spam submission message If this email is not spam, click here to submit the signatures to FortiGuard - AntiSpam
Service.

Administration
Login Disclaimer "W A R N I N G W A R N I N G W A R N I N G W A R N I N G
Authentication
Disclaimer page "<HTML><HEAD><TITLE>Firewall Disclaimer</TITLE></HEAD><BODY><FORM
ACTION=\"/\" method=\"POST\"><INPUT TYPE=\"hidden\" NAME=\"%%MAGICID%%\"
VALUE=\"%%MAGICVAL%%\"><INPUT TYPE=\"hidden\"
NAME=\"%%ANSWERID%%\" VALUE=\"%%DECLINEVAL%%\"><INPUT
TYPE=\"hidden\" NAME=\"%%REDIRID%%\" VALUE=\"%%PROTURI%%\"><TABLE
ALIGN=\"CENTER\" width=400 height=250 cellpadding=2 cellspacing=0 border=0
bgcolor=\"#008080\"><TR><TD><TABLE border=0 width=\"100%\" height=\"100%\"
cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30
bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\" color=\"#ffffff\">Disclaimer
Agreement</font></b></TD><TR><TR height=\"100%\"><TD><TABLE border=0
cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD colspan=2><font
size=2 face=\"Times New Roman\">You are about to access Internet content that is not
under the control of the network access provider. The network access provider is
therefore not responsible for any of these sites, their content or their privacy policies.
The network access provider and its staff do not endorse nor make any representations
about these sites, or any information, software or other products or materials found
there, or any results that may be obtained from using them. If you decide to access any
Internet content, you do this entirely at your own risk and you are responsible for
ensuring that any accessed material does not infringe the laws governing, but not
exhaustively covering, copyright, trademarks, pornography, or any other material which
is slanderous, defamatory or might cause offence in any other
way.</font></TD></TR><TR><TD>Do you agree to the above
terms?</TD></TR><TR><TD><INPUT CLASS=\"button\" TYPE=\"button\"
Declined disclaimer page VALUE=\"Yes, I agree\" ONCLICK=\"agree()\"><INPUT
"<HTML><HEAD><TITLE>Firewall Disclaimer CLASS=\"button\"
TYPE=\"button\" VALUE=\"No, I decline\"
Declined</TITLE></HEAD><BODY><FORM ACTION=\"/\" method=\"POST\"><INPUT
ONCLICK=\"decline()\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FO
TYPE=\"hidden\" NAME=\"%%MAGICID%%\" VALUE=\"%%MAGICVAL%%\"><INPUT
LANGUAGE=\"JavaScript\">function
TYPE=\"hidden\" NAME=\"%%REDIRID%%\" VALUE=\"%%PROTURI%%\"><TABLE
agree(){document.forms[0].%%ANSWERID%%.value=\"%%AGREEVAL%%\";document.forms[0]
ALIGN=\"CENTER\" width=400 height=250 cellpadding=2 cellspacing=0 border=0
decline(){document.forms[0].submit();}</SCRIPT></BODY></HTML>"
bgcolor=\"#008080\"><TR><TD><TABLE border=0 width=\"100%\" height=\"100%\"
'' ''
cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30
bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\" color=\"#ffffff\">Disclaimer
Declined</font></b></TD><TR><TR height=\"100%\"><TD><TABLE border=0
cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD colspan=2><font
size=2 face=\"Times New Roman\">Sorry, network access cannot be granted unless
Login page you agree to the disclaimer.</font></TD><TR><TR><TD></TD><TD><INPUT
"<HTML><HEAD><TITLE>Firewall Authentication</TITLE></HEAD><BODY><FORM
TYPE=\"submit\"
ACTION=\"/\" method=\"POST\"><INPUT
VALUE=\"Return to TYPE=\"hidden\" NAME=\"%%MAGICID%%\"
Disclaimer\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FORM></BO
VALUE=\"%%MAGICVAL%%\"><TABLE ALIGN=\"CENTER\" width=400 height=250
cellpadding=2 cellspacing=0 border=0 bgcolor=\"#008080\"><TR><TD><TABLE
border=0 cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30
bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\"
color=\"#ffffff\">Authentication Required</font></b></TD></TR><TR><TD><TABLE
border=0 cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD
colspan=2><font size=2 face=\"Times New
Roman\">%%QUESTION%%</font></TD></TR><TR><TD><font size=2 face=\"Times
New Roman\">Username:</font></TD><TD><INPUT TYPE=\"text\"
NAME=\"%%USERNAMEID%%\" size=25></TD></TR><TR><TD><font size=2
face=\"Times New Roman\">Password:</font></TD><TD><INPUT TYPE=\"password\"
Login failed page NAME=\"%%PASSWORDID%%\" size=25></TD></TR><TR><TD><INPUT
"<HTML><HEAD><TITLE>Firewall Authentication</TITLE></HEAD><BODY><FORM
TYPE=\"hidden\"
ACTION=\"/\" method=\"POST\"><INPUT
NAME=\"%%REDIRID%%\" TYPE=\"hidden\"
VALUE=\"%%PROTURI%%\"><INPUT
NAME=\"%%MAGICID%%\"
TYPE=\"submit\"
VALUE=\"%%MAGICVAL%%\"><TABLE ALIGN=\"CENTER\" width=400 height=250
VALUE=\"Continue\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FOR
cellpadding=2 cellspacing=0 border=0 bgcolor=\"#008080\"><TR><TD><TABLE
border=0 cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30
bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\"
color=\"#ffffff\">Authentication Failed</font></b></TD></TR><TR><TD><TABLE
border=0 cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD
colspan=2><font size=2 face=\"Times New
Roman\">%%FAILED_MESSAGE%%</font></TD></TR><TR><TD><font size=2
face=\"Times New Roman\">Username:</font></TD><TD><INPUT TYPE=\"text\"
NAME=\"%%USERNAMEID%%\" size=25></TD></TR><TR><TD><font size=2
face=\"Times New Roman\">Password:</font></TD><TD><INPUT TYPE=\"password\"
Login challenge page NAME=\"%%PASSWORDID%%\" size=25></TD></TR><TR><TD><INPUT
Keepalive page TYPE=\"hidden\" NAME=\"%%REDIRID%%\" VALUE=\"%%PROTURI%%\"><INPUT
"<HTML>
TYPE=\"submit\"
VALUE=\"Continue\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FOR

FortiGuard Web Filtering

URL block message "<html><head><title>Web Filter Violation</title></head><body><font size=2><table
width=\"100%\"><tr><td>%%FORTIGUARD_WF%%</td><td
align=\"right\">%%FORTINET%%</td></tr><tr><td bgcolor=#ff6600 align=\"center\"
colspan=2><font color=#ffffff><b>Web Page
Blocked</b></font></td></tr></table><br><br>You have tried to access a web page
which is in violation of your internet usage
policy.<br><br>URL: %%URL%%<br>Category: %%CATEGORY%%<br><br>To
have the rating of this web page re-evaluated <u><a
href=\"%%FTGD_RE_EVAL%%\">please click
here</a></u>.<br>%%OVERRIDE%%<br><hr><br>Powered by
HTTP error message %%SERVICE%%.</font></body></html>"
"<html><head><title>%%HTTP_ERR_CODE%%
%%HTTP_ERR_DESC%%</title></head><body><font size=2><table
width=\"100%\"><tr><td>%%FORTIGUARD_WF%%</td><td
align=\"right\">%%FORTINET%%</td></tr><tr><td bgcolor=#3300cc align=\"center\"
colspan=2><font color=#ffffff><b>%%HTTP_ERR_CODE%%
%%HTTP_ERR_DESC%%</b></font></td></tr></table><br><br>The webserver for
%%URL%% reported that an error occurred while trying to access the website. Please
click <u><a onclick=\"history.back()\">here</a></u> to return to the previous
page.<br><br><hr><br>Powered by %%SERVICE%%.</font></body></html>"
FortiGuard Web Filtering override form "<html><head><title>Web Filter Block Override</title></head><body><font
size=2><table width=\"100%\"><tr><td>%%FORTIGUARD_WF%%</td><td
align=\"right\">%%FORTINET%%</td></tr><tr><td bgcolor=#3300cc align=\"center\"
colspan=2><font color=#ffffff><b>Web Filter Block Override</b></font></td></tr><tr><td
colspan=2><br><br>If you have been granted override creation privileges by your
administrator, you can enter your username and password here to gain immediate
access to the blocked web-page. If you do not have these privileges, please contact
your administrator to gain access to the web-page.<br><br></td></tr><tr><td
align=\"center\"
colspan=2>%%OVRD_FORM%%</td></tr></table><br><br><hr><br>Powered by
%%SERVICE%%.</font></body></html>"
IM and P2P
File block message "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"."
File name block message "Transfer %%ACTION%%. The file name \"%%FILE%%\" matches the configured file
name block list."
Virus message "Transfer %%ACTION%%. The file \"%%FILE%%\" is infected with the virus
%%VIRUS%%. File quarantined as %%QUARFILENAME%%."
Oversized file message "Transfer %%ACTION%%. The file \"%%FILE%%\" is larger than the configured limit."
Voice chat block message Connection failed. You are not permitted to use voice chat.
Photo share block message Photo sharing failed. You are not permitted to share photo.
SSL VPN
SSL VPN login message "<html><head><title>login</title><meta http-equiv=\"Pragma\"
content=\"no-cache\"><meta http-equiv=\"cache-control\" content=\"no-cache\"><meta
http-equiv=\"cache-control\" content=\"must-revalidate\"><link
href=\"/sslvpn/css/login.css\" rel=\"stylesheet\" type=\"text/css\"><script
language=\"JavaScript\"></script></head><body
class=\"main\"><center><table width=\"100%\" height=\"100%\" align=\"center\"
class=\"container\" valign=\"middle\" cellpadding=\"0\" cellspacing=\"0\"><tr
valign=middle><td><form action=\"%%SSL_ACT%%\"
1.3 Admin method=\"%%SSL_METHOD%%\" name=\"f\"><table class=\"list\" cellpadding=10
cellspacing=0 align=center width=400
1.3.1 Administrators height=180>%%SSL_LOGIN%%</table>%%SSL_HIDDEN%%</td></tr></table></form></center
Adminstrator Permission Type VDOM Trusted Host #1 / #2 / #3 Schedule

admin super_admin regular root 0.0.0.0/0 0.0.0.0/0 127.0.0.1/32 always
demo demo_profile regular root 0.0.0.0/0 0.0.0.0/0 127.0.0.1/32 always
seuser SE_Profile regular root 0.0.0.0/0 0.0.0.0/0 127.0.0.1/32 always

1.3.2 Access Profile

prof_admin Access Control Rights
Maintenance read-write
Admin Users read-write
FortiGuard Update read-write
Auth Users read-write
System Configuration read-write
Network Configuration read-write
Webfilter Configuration none
Spamfilter Configuration none
Antivirus Configuration none
IPS Configuration none
Router Configuration read-write
VPN Configuration read-write
Firewall Configuration read-write
Log & Report read-write
demo_profile Access Control Rights

Maintenance read
Admin Users read
FortiGuard Update read
System Configuration read
Network Configuration read
Router Configuration read
SE_Profile Access Control Rights

Maintenance read-write
Admin Users read
FortiGuard Update read-write
System Configuration read
Network Configuration read
Router Configuration read-write

1.3.3 Settings
Parameter Key
Administration Ports HTTP 80
HTTPS 443
SSLVPN Login Port 10443
SSH 22
Telnet 23
Timeout Settings Idle Timeout 5
Auth Timeout
Display Settings Language English
Lines Per Page 50
Virtual Domain Configuration disable
1.4 Maintenance
1.4.1 USB Auto-Install

Paramater Key
Update Fortigate Configuration at restart Yes - use config file name fgt_system.conf
Update Fortigate Firmware at restart Yes - use firmware file name image.out
1.4.2 FortiGuard Center

AntiVirus and IPS Options
Use override Server Address No
Allow Push Update No
Scheduled Update No
Web Filtering and AntiSpam Options

Web Filter Service disable
Anti Spam Service disable
AV Query Service disable
Use Port 53
Management Service Options

Account ID mktgdemo
2. Router
2.1 Static Routes
# Destination IP / Mask Gateway Device Distance Priority
1 0.0.0.0 0.0.0.0 192.168.100.1 port2 10 0
2 0.0.0.0 0.0.0.0 172.30.7.254 port10(Int_Mgnt) 10 0
3 0.0.0.0 0.0.0.0 10.10.11.254 port9(Ext_Mgnt) 10 0

2.2 RIP
2.2.1 General
Parameter Value
RIP Version 2
Default Metric 1
Default-information-originate disable
RIP Timers Update 30 sec.; Timeout 180 sec.; Garbage 120 sec.
Redistribute connected: disabled

static: disabled
ospf: disabled
bgp: disabled

3. Firewall
3.1 Policy Overview
3.1.1 any -> any

ID Source Destination Schedule Service Action NAT Anti-Virus Log Status
8 Any Any always ANY deny enable enable
3.1.2 port1 -> port2

5 Bob anygroup always NTP accept enable enable

7 Block Any always "DNS, HTTP, accept enable YYYY enable
HTTPS, NTP"

4 AddressLocal AddressPeer always ANY ipsec enable enable

6 Any binding always FTP accept enable enable
3.2 Policy Detail
3.2.1 any -> any

ID 8
Source Any Subnet 0.0.0.0/0
Destination Any Subnet 0.0.0.0/0
Schedule always Recurring Schedule: sunday monday tuesday wednesday thursday
friday saturday
Service ANY Predefined Service
Action deny
Log enable
Comments deny rule to end


ID 5
Source Bob IP 10.1.1.54
Destination anygroup Address Group: Any
friday saturday
Service NTP Predefined Service
Action accept
Protection Profile Not activated
Log enable
Comments test rule

ID 7
Source Block Subnet 0.0.0.0/0
Destination Any Subnet 0.0.0.0/0
friday saturday
Service "DNS, HTTP, HTTPS, NTP" Multiple Services
Action accept
NAT enable Dynamic IP Pool: disabled; Fixed Port: disabled
Protection Profile YYYY
Log disable

ID 4
Source AddressLocal IP 10.3.4.5
Destination AddressPeer IP 192.168.4.2
friday saturday
Service ANY Predefined Service
Action ipsec
VPN Tunnel Tunnel Allow inbound Allow outbound;
Log enable

ID 6
Source Any Subnet 0.0.0.0/0
Destination binding Static NAT (VIP): port2/125.35.45.15 -> 172.16.1.2
friday saturday
Service FTP Predefined Service
Action accept
NAT enable Dynamic IP Pool: disabled; Fixed Port: disabled
Log disable

3.3 Addresses & Groups
3.3.1 Address
Type Adress Name Value Interface
IP
Bob 10.1.1.54
AddressPeer 192.168.4.2
AddressLocal 10.3.4.5
Peter 10.10.1.1
santhi 125.35.45.15
ftp 172.16.1.2
toll1 172.16.1.20
SUBNET
Any 0.0.0.0 0.0.0.0
sdf 0.0.0.0 0.0.0.0
dergham 192.168.250.0 255.255.255.0 port4
3.3.2 Address-Groups
Group Name Member
dergham2 "Any" "Bob"
anygroup Any
3.4 Services
3.4.1 Custom Services

Service Name Detail
sqlnet TCP: 1526-1526:1-65535
Checkpoint UDP: 500-500:500-500
DIXICHENG TCP: 6000-6000:1-65535
NExT IP: 4
3.4.2 Service Group

Group Name Members
dddd "FTP" "OSPF" "UDP"
AWP MYSQL
abc AH
3.5 Schedule
3.5.1 One-time Schedules

Name Start End
3mart 00:00 2009/03/01 00:00 2009/03/30
3.5.2 Recurring Schedules

Name Day Start Stop
always sunday monday tuesday wednesday thursday friday saturday 00:00 00:00
Business Afternoon monday tuesday wednesday thursday friday 13:00 05:30

3.6 Virtual IP
3.6.1 Virtual IP
Name Type Interface / IP / Port Map to IP / Port HTTP Multiplexing
sever test1 server-load-balance port2 / 10.10.10.10
Real Server:Port Interval (Dead/Wake) Weight Health Check
20.20.20.20:80 10/10 1
30.30.30.30:80 10/10 1
prova static-nat port2 / 100.155.150.11 172.20.10.200

mail static-nat port2 / 203.131.67.18 / 441(tcp) 192.168.0.2 / 441
binding static-nat port2 / 125.35.45.15 172.16.1.2
toll static-nat port2 / 125.35.45.20 172.16.1.10
3.6.2 Health Check Monitor

Name Type Details Interval / Timeout / Retry
server test health http URL (http:\\\\10.10.10.10) Match () port (80) 10 / 2 / 3
3.6.3 IP Pool
Name Interface Start IP End IP
asdasda port1 0.0.0.0 0.0.0.0
1321 port5 192.168.0.1 192.168.0.1
dmz-1 port2 192.168.100.98 192.168.100.255
dmz-2 port2 192.168.100.97 192.168.100.97
adfdfsd port1 1.0.0.0 2.0.0.0
3.7 Protection Profile

3.7.1 Sales
Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options
Virus Scan enable
File Filter
Quarantine
Pass Fragmented Emails enable enable enable
Comfort Clients
Oversized File/Email) pass pass pass pass pass pass
Threshold (MB) 1 10 10 10 10 10
Splice enable enable
Add signature to outgoing emails disable
Web Filtering HTTP HTTPS Options

Web Content Block - Threshold: 10
Web Content Exempt
Web URL Filter
Web ActiveX Filter
Web Cookie Filter
Web Java Applet Filter
Web Resume Download Block
Block invalid URLs
Allow unknown SSL session IDs
Web Category Filtering HTTP HTTPS Options

Enable FortiGuard Web Filtering
Enable FortiGuard Web Filtering Overrides
Details for blocked HTTP 4xx and 5xx errors
Rate images by URL
Allow websites when a rating error occurs
Strict blocking enable enable
Rate URLs by domain and IP address
Spam Filtering IMAP POP3 SMTP Options

FortiGuard Anti-spam
IP address check
URL check
E-mail checksum check
Spam submission enable enable enable
IP address BWL check
HELO DNS lookup
E-mail address BWL check
Return e-mail DNS check
Banned word check - Threshold: 10
Spam Action tag tag discard

Append to: Subject Subject Subject
Append with: Spam Spam Spam
IPS Critical High Medium Low Information

IPS Signature
IPS Anomaly

Content/Archive HTTP HTTPS FTP IMAP POP3 SMTP

Display content meta-information on dashboard enable enable enable enable enable enable
Archive content meta-information to FortiAnalyzer None None None None None None
Archive a copy of all files transferred
Log emails to FortiAnalyzer
AIM ICQ MSN Yahoo!

Archive IM summary information to FortiAnalyzer
Archive full IM chat information to FortiAnalyzer
IM AIM ICQ MSN Yahoo!

Enabled
Block Login
Block File Transfers
Block Audio
Inspect Non-standard Port
BitTorrenteDonkey Gnutella KaZaa Skype WinNY

Action pass pass pass pass pass pass
Limit (KBytes/s)
Logging
AV
Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP

3.7.2 nae
Virus Scan enable
File Filter
Quarantine
Comfort Clients
Threshold (MB) 10 10 10 10 10 10

Web Content Exempt
Web URL Filter
Web ActiveX Filter
Web Cookie Filter
Block invalid URLs

Rate images by URL

IP address check
URL check
HELO DNS lookup


IPS Signature
IPS Anomaly


AIM ICQ MSN Yahoo!


Enabled
Block Login
Block Audio

Limit (KBytes/s)
Logging
AV
Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP

3.7.3 webblock
Virus Scan
File Filter
Quarantine
Comfort Clients
Threshold (MB) 10 10 10 10 10 10

Web Content Exempt
Web URL Filter webblock
Web ActiveX Filter
Web Cookie Filter
Block invalid URLs

Rate images by URL

IP address check
URL check
HELO DNS lookup


IPS Signature
IPS Anomaly


AIM ICQ MSN Yahoo!


Enabled
Block Login
Block Audio

Limit (KBytes/s)
Logging
AV
Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP

3.7.4 YYYY
Virus Scan enable enable enable enable enable enable
File Filter
Quarantine
Comfort Clients
Threshold (MB) 10 10 10 10 10 10

Web Content Exempt
Web URL Filter
Web ActiveX Filter
Web Cookie Filter
Block invalid URLs

Rate images by URL

IP address check
URL check
HELO DNS lookup


IPS Signature
IPS Anomaly


AIM ICQ MSN Yahoo!


Enabled
Block Login
Block Audio

Limit (KBytes/s)
Logging
AV
Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP

3.7.5 deneme
Virus Scan
File Filter
Quarantine
Comfort Clients
Threshold (MB) 10 10 10 10 10 10

Web Content Exempt
Web URL Filter
Web ActiveX Filter
Web Cookie Filter
Block invalid URLs

Rate images by URL

IP address check
URL check
HELO DNS lookup


IPS Signature
IPS Anomaly


AIM ICQ MSN Yahoo!


Enabled
Block Login
Block Audio

Limit (KBytes/s)
Logging
AV
Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP

3.7.6 bfg
Virus Scan
File Filter
Quarantine
Comfort Clients
Threshold (MB) 10 10 10 10 10 10

Web Content Exempt
Web URL Filter
Web ActiveX Filter
Web Cookie Filter
Block invalid URLs

Rate images by URL

IP address check
URL check
HELO DNS lookup


IPS Signature
IPS Anomaly


AIM ICQ MSN Yahoo!


Enabled
Block Login
Block Audio

Limit (KBytes/s)
Logging
AV
Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP

3.7.7 testmio
Virus Scan
File Filter
Quarantine
Comfort Clients
Threshold (MB) 10 10 10 10 10 10

Web Content Exempt
Web URL Filter
Web ActiveX Filter
Web Cookie Filter
Block invalid URLs

Rate images by URL

IP address check
URL check
HELO DNS lookup


IPS Signature
IPS Anomaly


AIM ICQ MSN Yahoo!


Enabled
Block Login
Block Audio

Limit (KBytes/s)
Logging
AV
Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP

4. VPN
4.1 IPSec
4.1.1 AutoKey - Tunnel Mode

Phase 1 Remote Gateway Local IF Proposal
Tunnel Static/10.7.3.4 port1 MM / aes256-sha1 aes128-sha1 /
DH: 2
Auth-Method: Preshared Key XAuth: disable
Peer Options: Accept any peer ID Local ID:
Keylife: 86400 Dead Peer Detection: disable
Nat-traversal: disable
Phase 2 Proposal Selectors

TunnelIPSEC aes256-sha1 aes128-sha1 / without PFS Src: 192.168.1.1:0 - Dst: 0.0.0.0/0:0 - Protocol: 0
Replay Detection: disable Autokey Keep Alive: enable
Keylife: 3600 sec DHCP-IPsec: disable
Auto-negotiate: disable Single-Source: disable

ippolisy Static/41.11.10.1 port9 MM / 3des-sha1 aes128-sha1 / DH:
5

phase1_home_office Static/92.156.34.0 port1 AG / 3des-sha1 aes128-sha1 / DH:
5
4.1.2 Concentrator
Concentrator Name Members
TunnelCon Tunnel
4.2 SSL-VPN
4.2.1 Config
Login Port Tunnel IP Range Server Certificate Client Certificate Enc.-Alg. Idle Timeout
10443 10.0.0.20-10.0.0.80 self-sign not required default 300 sec
Portal Message
Authentication Timeout 28800 sec
SSLv2 disable

5. User
5.1 Local User
User Name Type Status
user1 Local enabled
cwindsor LDAP-Server: test2 enabled
test Local enabled
ricardo Local enabled
user2 Local enabled
5.2 LDAP
Name Server Name/IP Port CN Identifier Distinguished Name
test2 192.168.1.146 389 wut
5.3 User Group

Group Name Type Members Protection ProfileAdditional
FSAE_Guest_Users Directory Service
group1 Firewall user1

fcv Firewall
group Firewall "user1" "user2"
ssl SSL VPN "cwindsor" "user1"
CD SSL VPN
Grupo_SSL SSL VPN "ricardo" "test2"
5.4 Authentication Settings

Parameter Value
Authentication Timeout 5 minutes
Protocol Support http https ftp telnet
Certificate self-sign

6. Anti-Virus
6.1 Antivirus Internal Settings
Options HTTP FTP IMAP POP3 SMTP IM NNTP
Scanned Ports
Scan Bzip2 disable disable disable disable disable disable disable
Scan Depth for compressed files 12 12 12 12 12 12 12
Max. uncompressed file size (MB) 10 10 10 10 10 10 10
6.2 File Pattern

Filepattern List test123
Pattern Filter Type File Type Action Enabled for
exe type exe block imap smtp pop3 http ftp im nntp
imaps smtps pop3s https
mp3 pattern block imap smtp pop3 http ftp im nntp
sis type sis block imap smtp pop3 http ftp im nntp
Filepattern List exe

.exe pattern block imap smtp pop3 http ftp im nntp
Filepattern List HIT TEST

cod type cod block imap smtp pop3 http ftp im nntp
Filepattern List xiech

Comment: muma
Filepattern List test

.exe pattern block imap smtp pop3 http ftp im nntp
.com pattern block imap smtp pop3 http ftp im nntp

6.3 Quarantine
6.3.1 Config
Options HTTP FTP IMAP POP3 SMTP IM NNTP
Quarantine Infected Files
Quarantine Suspicious Files
Quarantine Blocked Files
Parameter Value
Age Limits 0
Max Filesize to Quarantine 40
Quarantine To Disk
Low Disk Space overwrite oldest file
Parameter Value
Enable AutoSubmit disable
6.4 Grayware
Category Status
Adware enable
Dial enable
Game enable
Joke
P2P
Spy
Keylog
Hijacker
Plugin
NMT
RAT
Misc
BHO enable
Toolbar
Download enable
HackerTool enable
7. Intrusion Protection
8. Web Filter
8.1 Web Content Block
Banned Word List: test
Comment: test
Pattern Pattern Type Language Score Status

10.10.10.1 regexp western 10 enable

8.2 Web Content Exempt

Banned Word Exempt List: test_list
Comment: test_list
Pattern Pattern Type Language Status
8.3 URL Filter

URL Filter List: test_url
Comment: test_url
URL Action Type Status

ik block simple enable
URL Filter List: URLT10

www.block.com block simple enable
URL Filter List: webblock

www.thaicybergames.com block simple enable
8.4 FortiGuard - Web Filter
8.4.1 Local Categories

Local Category Name
a1
9. Spam Filter
9.1 Banned Word
Banned Word List test
Num Pattern Pattern Type Language Where Score Status
9.2 IP Address Black/White List

IP Address List iptest
Num IP Address / Mask Action Status
9.3 Email Address Black/White List

Email Address List 123
Num Pattern Pattern Type Action Status

10. IM
User Protocol Policy
abc@yahoo.com YAHOO permit
Unknown Users MSN Yahoo! AIM ICQ

deny deny deny deny
11. Log
11.1 Log Setting
FortiAnalyzer IP Log Level Encryption LocalID
1 disabled
2 disabled
3 disabled
Syslog Server IP:Port Log Level Facility CSV

1 209.87.230.134:514 alert local7 enable
2 disabled
3 disabled
WebTrends IP Log Level

disabled
Memory Log Level Action when memory is reaching its capacity

enabled debug overwrite
11.2 Event Log Filter

Event Category Log
System activity event enable
IPSec negotiation event enable
DHCP service event disable
L2TP/PPTP/PPPoE service event enable
Admin event enable
HA activity event enable
Firewall authentication event enable
Pattern update event enable
SSL VPN user authentication event enable
SSL VPN administration event enable
SSL VPN session event enable

Autodoc Konfiguration Fortigate

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Autodoc Konfiguration Fortigate

Încărcat de

Drepturi de autor:

Formate disponibile

Fortinet Configuration Report

Firmware Version 4.00 build092 build date 090220

Report printed on jz-pc at 03/29/09 17:59:00 with autodoc Version 8.10

System is running in NAT/Route Mode

Def. GW: 192.168.100.1

port2: 192.168.100.99/24 port1: 192.168.1.99/24

1.1.1.1 Tunnel Interface Configuration

Firewall Report (c) BOLL Engineering AG Page: 1

Dead Gateway Detection

1.2.2 Replacement Messages

Firewall Report (c) BOLL Engineering AG Page: 2

Firewall Report (c) BOLL Engineering AG Page: 3

Firewall Report (c) BOLL Engineering AG Page: 4

FortiGuard Web Filtering

Adminstrator Permission Type VDOM Trusted Host #1 / #2 / #3 Schedule

Firewall Report (c) BOLL Engineering AG Page: 5

1.3.2 Access Profile

demo_profile Access Control Rights

SE_Profile Access Control Rights

Firewall Report (c) BOLL Engineering AG Page: 6

1.4.1 USB Auto-Install

1.4.2 FortiGuard Center

Web Filtering and AntiSpam Options

Management Service Options

Firewall Report (c) BOLL Engineering AG Page: 7

Redistribute connected: disabled

Firewall Report (c) BOLL Engineering AG Page: 8

3.1.1 any -> any

3.1.2 port1 -> port2

3.1.3 port1 -> port4

3.1.4 port2 -> port1

3.1.5 port2 -> port4

3.2 Policy Detail

3.2.1 any -> any

Firewall Report (c) BOLL Engineering AG Page: 9

3.2.2 port1 -> port2

3.2.3 port1 -> port4

3.2.4 port2 -> port1

3.2.5 port2 -> port4

Firewall Report (c) BOLL Engineering AG Page: 10

3.3 Addresses & Groups

3.4.1 Custom Services

3.4.2 Service Group

3.5.1 One-time Schedules

3.5.2 Recurring Schedules

Firewall Report (c) BOLL Engineering AG Page: 11

prova static-nat port2 / 100.155.150.11 172.20.10.200

3.6.2 Health Check Monitor

3.7 Protection Profile

Firewall Report (c) BOLL Engineering AG Page: 12

Web Filtering HTTP HTTPS Options

Web Category Filtering HTTP HTTPS Options

Spam Filtering IMAP POP3 SMTP Options

Spam Action tag tag discard

IPS Critical High Medium Low Information

Firewall Report (c) BOLL Engineering AG Page: 13

Content/Archive HTTP HTTPS FTP IMAP POP3 SMTP

AIM ICQ MSN Yahoo!

IM AIM ICQ MSN Yahoo!

BitTorrenteDonkey Gnutella KaZaa Skype WinNY

Firewall Report (c) BOLL Engineering AG Page: 14

Web Filtering HTTP HTTPS Options

Web Category Filtering HTTP HTTPS Options