Security profiles
Security profiles define what to inspect in the traffic that the FortiProxy is passing. When traffic matches the profile, it is either allowed, blocked, or monitored (allowed and logged).
The protection that a profile provides, and the information that it monitors, can be configured to your requirements, but increased inspection uses more of the FortiProxy's resources. Assess your policies' traffic matching, and then apply the necessary level of protection.
Security profiles can use flow or proxy mode inspection. Apply flow mode inspection to policies that prioritize traffic throughput, and proxy mode when thoroughness is more important than performance. Under normal traffic conditions, the throughput difference between the two modes is insignificant. For resource optimization, using one mode uniformly across all of the policies is recommended.
Each security profile generates its own log type that contains some log fields that are not present in other logs. This can be important when reviewing or analyzing the logs to assess or troubleshoot user traffic. For example, if no web filtering is applied, then you will not have insight or control of users' browsing information.
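The point above, that each profile's log subtype carries fields the other subtypes lack, is easy to see by parsing a handful of UTM log lines and comparing the field sets per subtype. The script below is an added example, not part of this documentation and not Fortinet code. It assumes the key=value syslog layout that Fortinet devices emit (quoted values may contain spaces); the sample lines are constructed for illustration, not captured output, and the IPS signature name is a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample lines in Fortinet-style key=value syslog syntax (not captured output).
# Field names follow common webfilter, virus and ips log fields; the attack name is a placeholder.
SAMPLE_LOGS = [
    'date=2024-01-01 time=10:00:01 type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" '
    'srcip=10.0.0.5 dstip=203.0.113.10 action="blocked" profile="default" hostname="example.com" '
    'url="/download" catdesc="Malicious Websites"',
    'date=2024-01-01 time=10:00:02 type="utm" subtype="webfilter" eventtype="ftgd_allow" level="notice" '
    'srcip=10.0.0.6 dstip=203.0.113.11 action="passthrough" profile="default" hostname="example.org" '
    'url="/" catdesc="Information Technology"',
    'date=2024-01-01 time=10:00:03 type="utm" subtype="virus" eventtype="infected" level="warning" '
    'srcip=10.0.0.5 dstip=203.0.113.12 action="blocked" profile="default" service="HTTP" '
    'filename="eicar.com" virus="EICAR_TEST_FILE"',
    'date=2024-01-01 time=10:00:04 type="utm" subtype="ips" eventtype="signature" level="alert" '
    'srcip=198.51.100.7 dstip=10.0.0.20 action="dropped" profile="default" severity="high" '
    'attack="PLACEHOLDER.Signature.Name"',
]

# key=value pairs: either a double-quoted value (may contain spaces) or a bare token.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one key=value log line into a dict, stripping quotes from quoted values."""
    record = {}
    for match in KV_RE.finditer(line):
        key, quoted, bare = match.group(1), match.group(3), match.group(4)
        record[key] = quoted if quoted is not None else bare
    return record


def fields_by_subtype(lines):
    """Return {subtype: set of field names seen} for type="utm" lines only."""
    fields = defaultdict(set)
    for line in lines:
        record = parse_line(line)
        if record.get("type") == "utm":
            fields[record.get("subtype", "unknown")].update(record)
    return fields


def profile_specific_fields(lines):
    """Fields that appear in exactly one UTM subtype.

    These are the fields (and the visibility) you lose when that security
    profile is not applied to a policy, e.g. url/catdesc without web filtering.
    """
    fields = fields_by_subtype(lines)
    result = {}
    for subtype, names in fields.items():
        others = set()
        for other, other_names in fields.items():
            if other != subtype:
                others |= other_names
        result[subtype] = sorted(names - others)
    return result


def action_summary(lines):
    """Count (subtype, action) pairs, e.g. how many web filter blocks occurred."""
    counts = defaultdict(int)
    for line in lines:
        record = parse_line(line)
        if record.get("type") == "utm":
            counts[(record.get("subtype"), record.get("action"))] += 1
    return dict(counts)


if __name__ == "__main__":
    for subtype, names in profile_specific_fields(SAMPLE_LOGS).items():
        print(f"{subtype}: fields only this profile logs -> {names}")
    for (subtype, action), n in sorted(action_summary(SAMPLE_LOGS).items()):
        print(f"{subtype}/{action}: {n}")
```

Run against real exported logs, the per-subtype field sets show exactly which review and troubleshooting data depends on which profile being enabled, which is useful when deciding whether the extra inspection cost on a policy is justified.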
The following table lists some basic examples of how a security profile could be used on an edge FortiProxy, where inbound traffic goes from the internet to an internal resource using a VIP, and outbound traffic goes from your network to an internet resource:
| Security profile | Inbound traffic | Outbound traffic |
|---|---|---|
| Antivirus | Protect external resources from malware, such as HTTP PUT requests or FTP uploads. | Scan requested user traffic for malware. |
| Web filter | Not usually applied to inbound traffic. | Monitor and block user web traffic based on categories and domains. |
| Video filter | Not usually applied to inbound traffic. | Monitor and restrict YouTube videos based on categories or channels. |
| DNS filter | Not usually applied to inbound traffic. | Monitor and filter DNS lookups based on domain ratings. Block requests for known compromised domains. |
| Application control | Make sure that specific protocols are used to access specific ports. For example, only allow SSH traffic to be sent and received over port 22. | Monitor and filter applications on any port. |
| Intrusion prevention | Protect external services from known exploits and protocol anomalies. | Block connections to botnet sites. |
| File filter | Prevent uploading files based on the file type and the protocol that is used. | Prevent downloading files based on the file type and the protocol that is used. |
| Data leak prevention | Prevent sensitive data from entering your network. | Prevent sensitive data, such as credit card numbers or SSNs, from leaving your network. |
| ICAP | Offload tasks to separate, specialized servers. | Offload tasks to separate, specialized servers. |