Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 5.4.0 Handbook
    5.4.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Configuring a WAF Profile

    Configuring a WAF Profile

    A WAF profile references the WAF policies that are to be enforced.

    Predefined WAF profiles describes the predefined profiles. In many cases, you can use predefined profiles to get started.

    Predefined WAF profiles
    Predefined Profiles Description

    High-Level-Security
    • Web Attack Signature policy: High-Level-Security
    • HTTP Protocol Constraints policy: High-Level-Security
    • SQL/XSS Injection Detection policy: High-Level-Security

    Medium-Level-Security
    • Web Attack Signature policy: Medium-Level-Security
    • HTTP Protocol Constraints policy: Medium-Level-Security
    • SQL/XSS Injection Detection policy: Medium-Level-Security

    Alert-Only
    • Web Attack Signature policy: Alert-Only
    • HTTP Protocol Constraints policy: Alert-Only
    • SQL/XSS Injection Detection policy: Alert-Only

    If desired, you can create user-defined profiles. The maximum number of profiles per VDOM is 255.

    Before you begin:

    • You can use predefined WAF profiles, create profiles based on predefined feature options, or create profiles based on user-defined configuration objects. If you want to add user-defined configuration objects, you must create them before using this procedure to add them to a WAF profile.
    • You must have Read-Write permission for Security settings.

    After you have created a WAF profile, you can specify it in a virtual server configuration.

    To configure a WAF Profile:
    1. Go to Web Application Firewall > Web Application Firewall.
    2. Click the WAF Profile tab.
    3. Click Create New to display the configuration editor.
    4. Complete the configuration as described in WAF Profile configuration.
    5. Save the configuration.

    WAF Profile configuration
    Settings Guidelines

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    After you initially save the configuration, you cannot edit the name.

    Description

    A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use.

    Web Attack Signature

    Select a predefined or user-defined Web Attack Signature configuration object.

    URL Protection

    Select a user-defined URL Protection configuration object.

    HTTP Protocol Constraint

    Select a predefined or user-defined HTTP Protocol Constraint configuration object.

    SQL/XSS Injection Detection

    Select a predefined or user-defined SQL/XSS Injection Detection configuration object.

    Exception Name

    Select a user-defined exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.

    Bot Detection

    Select a user-defined Bot Detection configuration object.
    Previous
    Next

    Configuring a WAF Profile

    Configuring a WAF Profile

    A WAF profile references the WAF policies that are to be enforced.

    Predefined WAF profiles describes the predefined profiles. In many cases, you can use predefined profiles to get started.

    Predefined WAF profiles
    Predefined Profiles Description

    High-Level-Security
    • Web Attack Signature policy: High-Level-Security
    • HTTP Protocol Constraints policy: High-Level-Security
    • SQL/XSS Injection Detection policy: High-Level-Security

    Medium-Level-Security
    • Web Attack Signature policy: Medium-Level-Security
    • HTTP Protocol Constraints policy: Medium-Level-Security
    • SQL/XSS Injection Detection policy: Medium-Level-Security

    Alert-Only
    • Web Attack Signature policy: Alert-Only
    • HTTP Protocol Constraints policy: Alert-Only
    • SQL/XSS Injection Detection policy: Alert-Only

    If desired, you can create user-defined profiles. The maximum number of profiles per VDOM is 255.

    Before you begin:

    • You can use predefined WAF profiles, create profiles based on predefined feature options, or create profiles based on user-defined configuration objects. If you want to add user-defined configuration objects, you must create them before using this procedure to add them to a WAF profile.
    • You must have Read-Write permission for Security settings.

    After you have created a WAF profile, you can specify it in a virtual server configuration.

    To configure a WAF Profile:
    1. Go to Web Application Firewall > Web Application Firewall.
    2. Click the WAF Profile tab.
    3. Click Create New to display the configuration editor.
    4. Complete the configuration as described in WAF Profile configuration.
    5. Save the configuration.

    WAF Profile configuration
    Settings Guidelines

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    After you initially save the configuration, you cannot edit the name.

    Description

    A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use.

    Web Attack Signature

    Select a predefined or user-defined Web Attack Signature configuration object.

    URL Protection

    Select a user-defined URL Protection configuration object.

    HTTP Protocol Constraint

    Select a predefined or user-defined HTTP Protocol Constraint configuration object.

    SQL/XSS Injection Detection

    Select a predefined or user-defined SQL/XSS Injection Detection configuration object.

    Exception Name

    Select a user-defined exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.

    Bot Detection

    Select a user-defined Bot Detection configuration object.
    Previous
    Next