Fortinet black logo

Administration Guide

Home FortiEDR/XDR 5.2.0 Administration Guide

Protection or Simulation mode

5.2.0
6.2.0
6.0.0
5.2.1
5.2.0
5.1.0
5.0.0
4.2.0
4.1.1
4.1.0
Copy Link
Copy Doc ID 30b84173-e130-11ec-bb32-fa163e15d75b:851746
Download PDF

Protection or Simulation mode

During an initial acquaintance period or at any time, you can decide that FortiEDR acts as either of the following:

  • Protection: FortiEDR enforces its active exfiltration prevention policy that blocks all connections that violate the relevant FortiEDR security policy rules.
  • Simulation (Notification Only): FortiEDR only issues an alert (described below) for all connections that violate any rule in the FortiEDR security policy. In this mode, FortiEDR does not block exfiltration. FortiEDR comes out-of-the-box set to this mode.
    Note

    If you have purchased a Content add-on license, policy rules and built-in exceptions are periodically automatically added or updated by Fortinet. When a new security policy is added, an indicator number displays on the SECURITY SETTINGS tab.

Use the Protection/Simulation slider at the far right of the window to enable the applicable mode, as shown below:

You can click the down arrow next to the Protection/Simulation slider to see an at-a-glance view of the system’s various security policies and their impact on the Collectors in the system.

Previous
Next

Protection or Simulation mode

During an initial acquaintance period or at any time, you can decide that FortiEDR acts as either of the following:

  • Protection: FortiEDR enforces its active exfiltration prevention policy that blocks all connections that violate the relevant FortiEDR security policy rules.
  • Simulation (Notification Only): FortiEDR only issues an alert (described below) for all connections that violate any rule in the FortiEDR security policy. In this mode, FortiEDR does not block exfiltration. FortiEDR comes out-of-the-box set to this mode.
    Note

    If you have purchased a Content add-on license, policy rules and built-in exceptions are periodically automatically added or updated by Fortinet. When a new security policy is added, an indicator number displays on the SECURITY SETTINGS tab.

Use the Protection/Simulation slider at the far right of the window to enable the applicable mode, as shown below:

You can click the down arrow next to the Protection/Simulation slider to see an at-a-glance view of the system’s various security policies and their impact on the Collectors in the system.

Previous
Next