Handbook

6.0.0

Security profiles

Where security policies control what traffic passes through the device, security profiles allow you to filter the content coming and going on the network.

A security profile is a set of options and filters that you configure and then apply to one or more firewall policies.

You can configure security profile groups for the traffic types handled by a set of security policies that require identical protection, rather than repeatedly configuring those same security profile settings for each individual security policy.

For more information about security profile groups, see Security profile groups.
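The relationship described above, as an added FortiOS CLI fragment that is not part of the original handbook page: one profile group bundles several security profiles, and a firewall policy references the group instead of listing each profile. The group name `web-users`, the policy ID `10`, and the choice of the factory `default` profiles are assumptions made for illustration; the policy's interface, address, service and action settings are omitted, and the `#` lines are annotations to strip before pasting.

```text
# Added example: names and IDs below are constructed, not taken from the handbook.
# 1. Bundle the profiles that a class of traffic needs into one group.
config firewall profile-group
    edit "web-users"
        set av-profile "default"
        set webfilter-profile "default"
        set dnsfilter-profile "default"
        set application-list "default"
        set ips-sensor "default"
        set ssl-ssh-profile "certificate-inspection"
    next
end

# 2. Reference the group from each policy that requires identical protection.
config firewall policy
    edit 10
        set utm-status enable
        set profile-type group
        set profile-group "web-users"
    next
end

# 3. Per-policy alternative: the same protection without a group means
#    repeating every profile setting on each policy.
config firewall policy
    edit 10
        set utm-status enable
        set profile-type single
        set av-profile "default"
        set webfilter-profile "default"
        set dnsfilter-profile "default"
        set application-list "default"
        set ips-sensor "default"
        set ssl-ssh-profile "certificate-inspection"
    next
end
```

With the group in place, changing a profile inside `web-users` changes the protection on every policy that references it, which is worth reviewing before editing a shared group.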

AntiVirus

The AntiVirus security profile inspects traffic that is about to be transmitted through the FortiGate firewall for attributes or signatures that are known to be associated with malware. Detected malware is then removed. To increase efficiency, you can configure an AntiVirus profile to inspect only the traffic being transmitted by specific protocols.

Web Filter

The Web Filter security profile examines the destination of each HTTP(S) request made by the sending computer. If the URL is on the list of unwanted sites that you configured on the FortiGate, the connection will be denied. If the site is in a category of sites that you configured to deny connections to, the session will be denied. You can also configure the content filter to check for specific strings of data on a web site. If any of those strings are detected, the connection will be denied.

DNS Filter

The DNS Filtering security profile is similar to the Web Filtering profile except that it filters at the DNS level. This means that sites can be denied before a lot of additional processing takes place. This can save resources on the FortiGate and help improve performance.

Application Control

The Application Control security profile allows you to determine what applications are operating on your network and to filter the use of these applications as required. You can also apply application control to outgoing traffic so that applications considered unacceptable are prevented from crossing the network gateway to other networks. An example of this is the use of proxy servers to circumvent the restrictions put in place using the Web Filter.

Intrusion Prevention

An Intrusion Prevention security profile looks for activity or behavior that is consistent with attacks against your network. When the IPS sensor detects attack-like behavior, the affected traffic is either dropped or monitored.

Email Filter

The Email Filter security profile can significantly reduce the amount of spam users receive.

Data Leak Prevention (DLP)

The Data Leak Prevention security profile prevents sensitive information from leaving your network. For example, a DLP security profile can prevent internal users from emailing sensitive documents to external addresses.

VoIP

The VoIP security profile applies the SIP Application Level Gateway (ALG) to support SIP through the FortiGate unit. The SIP ALG can also be used to protect networks from SIP-based attacks.

SSL/SSH Inspection

The SSL/SSH Inspection security profile inspects encrypted traffic for malicious content. For more information, see SSL/SSH inspection.

ICAP

Internet Content Adaptation Protocol (ICAP) offloads HTTP traffic to another location for specialized processing. When triggered, this module sends incoming HTTP traffic to a remote server to be processed, thus taking some of the strain off FortiGate resources. Processing can cover tasks ranging from sophisticated antivirus scanning to manipulation of the HTTP headers and URLs.

Web Application Firewall

The Web Application Firewall (WAF) protects internal web servers from malicious activity specific to those types of servers. This includes things like SQL injection, cross-site scripting, and trojans. WAF uses signatures and other methods to protect the web servers.
