Fortinet black logo

Handbook

Windows file sharing (CIFS)

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:488541
Download PDF

Windows file sharing (CIFS)

FortiOS supports virus scanning of Windows file sharing traffic. This includes CIFS, SMB, and SAMBA traffic. This feature is applied by enabling SMB scanning in an antivirus profile and then adding this profile to a security policy that accepts CIFS traffic. CIFS virus scanning is available only through flow-based antivirus scanning.

FortiOS flow-based virus scanning can detect the same number of viruses in CIFS/SMB/SAMBA traffic as it can for all supported content protocols.

Note the following about CIFS/SMB/SAMBA virus scanning:

  • Some newer version of SAMBA clients and SMB2 can spread one file across multiple sessions, preventing some viruses from being detected if this occurs.
  • Enabling CIFS/SMB/SAMBA virus scanning can affect FortiGate performance.
  • SMB2 is a new version of SMB that was first partially implemented in Windows Vista.
  • Currently SMB2 is supported by Windows Vista or later, and partly supported by Samba 3.5 and fully support by Samba 3.6.
  • The latest version of SMB2.2 will be introduced with Windows 8.
  • Most clients still use SMB as default setting.

Configuring CIFS/SMB/SAMBA virus scanning

Use the following command to enable CIFS/SMB/SAMBA virus scanning in an antivirus profile:

config antivirus profile

edit <smb-profile>

config smb

set options scan

end

Then add this antivirus profile to a security policy that accepts the traffic to be virus scanned. In the security policy the service can be set to ALL, SAMBA, or SMB.

config firewall policy

edit <policy-id-integer>

set service ALL

...

set utm-status enable

set av-profile <smb-profile>

end

Windows file sharing (CIFS)

FortiOS supports virus scanning of Windows file sharing traffic. This includes CIFS, SMB, and SAMBA traffic. This feature is applied by enabling SMB scanning in an antivirus profile and then adding this profile to a security policy that accepts CIFS traffic. CIFS virus scanning is available only through flow-based antivirus scanning.

FortiOS flow-based virus scanning can detect the same number of viruses in CIFS/SMB/SAMBA traffic as it can for all supported content protocols.

Note the following about CIFS/SMB/SAMBA virus scanning:

  • Some newer version of SAMBA clients and SMB2 can spread one file across multiple sessions, preventing some viruses from being detected if this occurs.
  • Enabling CIFS/SMB/SAMBA virus scanning can affect FortiGate performance.
  • SMB2 is a new version of SMB that was first partially implemented in Windows Vista.
  • Currently SMB2 is supported by Windows Vista or later, and partly supported by Samba 3.5 and fully support by Samba 3.6.
  • The latest version of SMB2.2 will be introduced with Windows 8.
  • Most clients still use SMB as default setting.

Configuring CIFS/SMB/SAMBA virus scanning

Use the following command to enable CIFS/SMB/SAMBA virus scanning in an antivirus profile:

config antivirus profile

edit <smb-profile>

config smb

set options scan

end

Then add this antivirus profile to a security policy that accepts the traffic to be virus scanned. In the security policy the service can be set to ALL, SAMBA, or SMB.

config firewall policy

edit <policy-id-integer>

set service ALL

...

set utm-status enable

set av-profile <smb-profile>

end