Content Disarm and Reconstruction (CDR)
In this recipe you will configure the default AntiVirus security profile to include a new FortiOS 6.0 feature: Content Disarm and Reconstruction (CDR). You will apply this security profile to the Internet access policy so that exploitable content leaving the network is stripped from documents and replaced with content that is known to be safe.
In the example, we will use FortiSandbox as the original file destination, where the original file is archived and can be retrieved if necessary. The CDR feature works without FortiSandbox configured, but only if you wish to discard the original file.
Content that can be scanned includes PDF and Microsoft Office files leaving the network on CDR-supported protocols* (for more information, refer to the Security Profiles handbook).
Note that the FortiGate must be in Proxy inspection mode for CDR to function.