User or client behavior can sometimes increase the risk of being attacked or becoming infected. For example, if one of your network clients receives email viruses on a daily basis while no other clients receive these attachments, extra measures may be required to protect that client, or a discussion with the user about this issue may be warranted.
Before you can decide on a course of action, you need to know the problem is occurring. Threat weight can provide this information by tracking client behavior and reporting on activities that you determine are risky or worth tracking.
Threat weight profiles can be created, edited, and assigned to devices. When Threat Weight Tracking is enabled, the Log Allowed Traffic setting is enabled on all policies. For more information on configuring the Threat Weight profile, see the FortiOS Handbook.
- Go to the Device Manager > Provisioning Templates > Threat Weight.
- Click Create New in the toolbar.
- In the Create New Threat Weight pane, type a name for the profile.
- Click OK to create the new threat weight profile.
- Select a threat weight profile and click Edit. The Edit Threat Weight pane opens.
- Adjust the threat levels as needed, then click OK to save your changes:
  - Log Threat Weight: Turn on threat weight tracking.
  - Reset all the threat level definition values to their defaults.
  - Import threat level definitions from a device in the ADOM.
  - Adjust the tracking levels for the different application types that can be tracked.
  - Adjust the tracking levels for the different attack types that can be tracked.
  - Adjust the tracking levels for the malware or botnet connections that can be detected.
  - Packet Based Inspection: Adjust the tracking levels for failed connection attempts and traffic blocked by firewall policies.
  - Adjust the tracking levels for various types of web activity.
  - Risk Level Values: Adjust the values for the four risk levels.
- Select a threat weight profile and click Assign to Device.
- Select devices to assign to and click OK.
The devices assigned to the template are shown in the Assign to Device column.
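To make the idea of tracking risky behavior per client concrete, the following added example (not FortiManager or FortiOS code) totals risk level values per client and lists the clients whose total stands well above the rest, as in the email virus case described at the top of this page. The log lines are constructed, and the `srcip` and `crlevel` field names, the four numeric values, and the outlier factor are assumptions to adapt to your own profile and logs.

```python
import re
from collections import defaultdict
from statistics import median

# Assumed values for the four risk levels; match them to the
# Risk Level Values set in your own threat weight profile.
RISK_LEVEL_VALUES = {"low": 5, "medium": 10, "high": 30, "critical": 50}
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample log lines (key=value form); not real traffic.
SAMPLE_LOGS = [
    'date=2024-03-01 srcip=10.0.0.21 action="blocked" crlevel="critical" msg="virus in email attachment"',
    'date=2024-03-01 srcip=10.0.0.22 action="accept"',
    'date=2024-03-02 srcip=10.0.0.21 action="blocked" crlevel="critical" msg="virus in email attachment"',
    'date=2024-03-02 srcip=10.0.0.23 action="deny" crlevel="low" msg="failed connection"',
    'date=2024-03-03 srcip=10.0.0.21 action="blocked" crlevel="high" msg="blocked URL"',
    'date=2024-03-03 srcip=10.0.0.22 action="deny" crlevel="low" msg="failed connection"',
]

def parse_line(line):
    """Split one key=value log line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def score_clients(lines, values=RISK_LEVEL_VALUES):
    """Sum the risk level value of every weighted event per source IP."""
    scores = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        src, level = rec.get("srcip"), rec.get("crlevel")
        if src is None:
            continue
        # Events with no level (or an unknown one) add 0 but keep the client listed.
        scores[src] += values.get(level, 0)
    return dict(scores)

def flag_outliers(scores, factor=3):
    """Return clients whose total exceeds factor x the median client total."""
    if not scores:
        return []
    baseline = max(median(scores.values()), 1)
    return sorted(ip for ip, s in scores.items() if s > factor * baseline)

if __name__ == "__main__":
    totals = score_clients(SAMPLE_LOGS)
    for ip, total in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{total}")
    print("review:", flag_outliers(totals))
```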