Administration Guide

Security profiles

Security profiles collect pre-configured intrusion detection profiles into a reusable group. After a security profile is created, it can be further customized.

Go to Configuration > Security Profiles to view the list of configured security profiles.

Security profiles have the following basic options:

Item Description
Name

Enter a unique name for the security profile.

DNS Filter

Enable or disable DNS filters.

Known Bad IP Blocking

Enable or disable filters to block or monitor known bad addresses.

Intrusion Prevention

Enable or disable intrusion prevention system (IPS).

The security profile is created with a default set of options.

Editing security profiles

To edit a security profile:

  1. Select a security profile from the list and click Edit.

  2. Click Customize in the appropriate filter profile.

DNS filter options

Caution

In order for DNS filtering to work, you must first configure your cloud environment.

Item Description
Redirect Botnet C&C to Block Portal

Enable or disable botnet redirection.

FortiGuard Category Based Filters

Enable or disable category filters.

For each filter category, select the action:

  • Allow

  • Redirect to Block Portal

  • Monitor

Domain Filters

Enable or disable domain filters, then add or edit filters and configure the following options.

Domain

Enter the domain to filter.

Type

Select the type of matching for the entered domain.

Action

Select the action:

  • Allow

  • Redirect to Block Portal

  • Monitor

Status

Enable or disable this domain filter.

DNS Translation

Enable or disable DNS translation filters, then add or edit filters and configure the following options.

Address Type

Only IPv4 addresses are supported. This is not configurable.

Destination

Enter the destination IP address.

Net Mask

Enter the net mask.

Source

Enter the source IP address.

Status

Enable or disable this domain filter.

Known Bad IP Blocking options

Item Description
Block Malicious URLs

Enable or disable blocking of malicious URLs.

Select the action:

  • Enable

  • Disable

Block Command and Control server IPs

Block known command and control server IPs.

Select the action:

  • Enable

  • Disable

  • Monitor

Intrusion Prevention options

Item Description
IPS Profile

Select the preset IPS profile to use. The profiles cannot be further configured.

  • all_default: Filters all predefined signatures, and sets action to the signature’s default action.

  • all_default_pass: Filters all predefined signatures, and sets action to pass/monitor.

  • default: Filters all predefined signatures with severity of Critical/High/Medium. Sets action to signature’s default action.

  • high_security: Filters all predefined signatures with severity of Critical/High/Medium, and sets action to Block. For Low severity signatures, sets action to signature’s default action.

  • protect_client: Protects against client-side vulnerabilities by filtering on Target=Client. Sets action to signature’s default action.

  • protect_email_server: Protects against email server-side vulnerabilities by filtering on Target=Server and Protocol=IMAP, POP3 or SMTP. Sets action to signature’s default action.

  • protect_http_server: Protects against HTTP server-side vulnerabilities by filtering on Target=Server and Protocol=HTTP. Sets action to signature’s default action.

  • sniffer-profile: Filters all predefined signatures with severity of Critical/High/Medium. Sets action to signature’s default action.

For more information about signatures and the default actions for each, see the FortiGuard Threat Encyclopedia.

Caution

FortiGate CNF does not include block-malicious-url as part of the high_security sensor. We recommend enabling Known Bad IP Blocking in the security profile so that known bad IPs are blocked.
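The preset list and the caution above, modelled as an added example (not Fortinet code): each preset is a filter plus an action rule, evaluated against constructed signatures to show what a given preset would leave unblocked. The `Signature` fields, the profile dict keys and the sample signatures are assumptions for illustration; pass/monitor is modelled as `pass`, and severities the page does not name are treated as unfiltered.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Signature:              # constructed sample record, not a FortiGuard entry
    name: str
    severity: str             # critical | high | medium | low
    target: str               # client | server
    protocol: str             # HTTP, SMTP, ...
    default_action: str       # block | pass

CHM = {"critical", "high", "medium"}
MAIL = {"IMAP", "POP3", "SMTP"}
use_default = lambda s: s.default_action
# preset -> (which signatures it filters, action it applies), per the list above
PRESETS = {
    "all_default": (lambda s: True, use_default),
    "all_default_pass": (lambda s: True, lambda s: "pass"),
    "default": (lambda s: s.severity in CHM, use_default),
    "high_security": (lambda s: s.severity in CHM | {"low"},
                      lambda s: "block" if s.severity in CHM else s.default_action),
    "protect_client": (lambda s: s.target == "client", use_default),
    "protect_email_server": (lambda s: s.target == "server" and s.protocol in MAIL, use_default),
    "protect_http_server": (lambda s: s.target == "server" and s.protocol == "HTTP", use_default),
    "sniffer-profile": (lambda s: s.severity in CHM, use_default),
}

def effective_action(preset, sig):
    """'block' or 'pass', or None when the preset does not filter the signature."""
    filters, action = PRESETS[preset]
    return action(sig) if filters(sig) else None

def coverage_gaps(preset, sigs):
    """Names of signatures the preset would not block (unfiltered, or action pass)."""
    return [s.name for s in sigs if effective_action(preset, s) != "block"]

def profile_findings(profile):
    """Review a hypothetical dict view of a security profile (not an export format)."""
    out = []
    if profile.get("ips_profile") == "all_default_pass":
        out.append("all_default_pass never blocks; it only passes/monitors")
    if profile.get("ips_profile") == "high_security" and not profile.get("known_bad_ip_blocking"):
        out.append("high_security omits block-malicious-url; enable Known Bad IP Blocking")
    return out

SAMPLE = [  # constructed signatures for illustration
    Signature("sample-http-rce", "critical", "server", "HTTP", "block"),
    Signature("sample-smtp-overflow", "medium", "server", "SMTP", "pass"),
    Signature("sample-browser-uaf", "high", "client", "HTTP", "pass"),
    Signature("sample-smb-probe", "low", "server", "SMB", "pass"),
]
```

Calling `coverage_gaps(preset, SAMPLE)` for each preset shows the difference between presets that keep each signature's default action and `high_security`, which forces Block for Critical/High/Medium.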
