Hostname: FortiGate-310B_Demo_Unit
FortiGate FG310B
1. System Configuration
Host Name: FortiGate-310B_Demo_Unit
1.1 Network
1.1.1 Interface
Name IP - Netmask Access Mode Type Log
port1 192.168.1.99 255.255.255.0 ping https manual physical
port2 192.168.100.99 255.255.255.0 ping manual physical
port4 10.10.10.1 255.255.255.0 ping manual physical
port9 (Ext_Mgnt) 10.10.11.24 255.255.255.0 ping https ssh snmp http manual physical
ssl.root manual tunnel
1.1.2 Options
DNS Server IP
Primary 65.39.139.53
Secondary 65.39.139.63
Local Domain Name ''
1.2 Config
1.2.1 Time
Timezone Adjust for Daylight Saving Changes
(GMT-08:00) Pacific Time (US&Canada) enable
Set Time
Manual
HTTP
Virus message "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to download
the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".
</p><p>URL = http://%%URL%%</p><p>File quarantined as:
%%QUARFILENAME%%.</p></BODY></HTML>"
Infection cache message <HTML><BODY><H2>High security alert!!!</h2><p>The URL you requested was
previously found to be infected.</p><p>URL =
http://%%URL%%</p></BODY></HTML>
File block message "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to
download the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY>
</HTML>"
Oversized file message "<HTML><BODY> <h2>Attention!!!</h2><p>The file \"%%FILE%%\" has been blocked.
The file is larger than the configured file size limit.</p> <p>URL =
http://%%URL%%</p> </BODY></HTML>"
Banned word message <HTML><BODY>The page you requested has been blocked because it contains a
banned word. URL = http://%%URL%%</BODY></HTML>
URL block message <HTML><BODY>The URL you requested has been blocked. URL =
%%URL%%</BODY></HTML>
Client block "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to upload
the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY> </HTML>"
Client anti-virus "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to upload
the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\".
</p><p>URL = http://%%URL%%</p><p>File quarantined as:
%%QUARFILENAME%%.</p></BODY></HTML>"
Client filesize <HTML><BODY> <h2>Attention!!!</h2><p>Your request has been blocked. The
request is larger than the configured file size limit.</p> <p>URL =
http://%%URL%%</p> </BODY></HTML>
Client banned word <HTML><BODY>The page you uploaded has been blocked because it contains a
banned word. URL = http://%%URL%%</BODY></HTML>
FTP
Virus message Transfer failed. The file %%FILE%% is infected with the virus %%VIRUS%%. File
quarantined as %%QUARFILENAME%%.
Blocked message "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"."
Oversized message File size limit exceeded.
NNTP
virus message "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been
removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File
quarantined as: \"%%QUARFILENAME%%\"."
blocked message The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%
oversize message This article has been blocked. The article is larger than the configured file size limit.
Alert Mail
virus message Virus/Worm detected: %%VIRUS%% Protocol: %%PROTOCOL%% Source IP:
%%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From:
%%EMAIL_FROM%% Email Address To: %%EMAIL_TO%%
block message File Block Detected: %%FILE%% Protocol: %%PROTOCOL%% Source IP:
%%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From:
%%EMAIL_FROM%% Email Address To: %%EMAIL_TO%%
intrusion message The following intrusion was observed: %%NIDS_EVENT%%.
critical event message The following critical firewall event was detected: %%CRITICAL_EVENT%%.
disk full message The log disk is Full.
Spam
Email IP Mail from this IP address is not allowed and has been blocked.
RBL/ORDBL message
HELO/EHLO domain This message has been blocked because the HELO/EHLO domain is invalid.
Email address Mail from this email address is not allowed and has been blocked.
Mime header This message has been blocked because it contains an invalid header.
Returned email domain This message has been blocked because the return email domain is invalid.
Banned word This message has been blocked because it contains a banned word.
Spam submission message If this email is not spam, click here to submit the signatures to FortiGuard - AntiSpam
Service.
Administration
Login Disclaimer "W A R N I N G W A R N I N G W A R N I N G W A R N I N G
Authentication
Disclaimer page "<HTML><HEAD><TITLE>Firewall Disclaimer</TITLE></HEAD><BODY><FORM
ACTION=\"/\" method=\"POST\"><INPUT TYPE=\"hidden\" NAME=\"%%MAGICID%%\"
VALUE=\"%%MAGICVAL%%\"><INPUT TYPE=\"hidden\"
NAME=\"%%ANSWERID%%\" VALUE=\"%%DECLINEVAL%%\"><INPUT
TYPE=\"hidden\" NAME=\"%%REDIRID%%\" VALUE=\"%%PROTURI%%\"><TABLE
ALIGN=\"CENTER\" width=400 height=250 cellpadding=2 cellspacing=0 border=0
bgcolor=\"#008080\"><TR><TD><TABLE border=0 width=\"100%\" height=\"100%\"
cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30
bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\" color=\"#ffffff\">Disclaimer
Agreement</font></b></TD><TR><TR height=\"100%\"><TD><TABLE border=0
cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD colspan=2><font
size=2 face=\"Times New Roman\">You are about to access Internet content that is not
under the control of the network access provider. The network access provider is
therefore not responsible for any of these sites, their content or their privacy policies.
The network access provider and its staff do not endorse nor make any representations
about these sites, or any information, software or other products or materials found
there, or any results that may be obtained from using them. If you decide to access any
Internet content, you do this entirely at your own risk and you are responsible for
ensuring that any accessed material does not infringe the laws governing, but not
exhaustively covering, copyright, trademarks, pornography, or any other material which
is slanderous, defamatory or might cause offence in any other
way.</font></TD></TR><TR><TD>Do you agree to the above
terms?</TD></TR><TR><TD><INPUT CLASS=\"button\" TYPE=\"button\"
VALUE=\"Yes, I agree\" ONCLICK=\"agree()\"><INPUT CLASS=\"button\"
TYPE=\"button\" VALUE=\"No, I decline\"
ONCLICK=\"decline()\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FO
LANGUAGE=\"JavaScript\">function
agree(){document.forms[0].%%ANSWERID%%.value=\"%%AGREEVAL%%\";document.forms[0]
decline(){document.forms[0].submit();}</SCRIPT></BODY></HTML>"
'' ''
Declined disclaimer page "<HTML><HEAD><TITLE>Firewall Disclaimer
Declined</TITLE></HEAD><BODY><FORM ACTION=\"/\" method=\"POST\"><INPUT
TYPE=\"hidden\" NAME=\"%%MAGICID%%\" VALUE=\"%%MAGICVAL%%\"><INPUT
TYPE=\"hidden\" NAME=\"%%REDIRID%%\" VALUE=\"%%PROTURI%%\"><TABLE
ALIGN=\"CENTER\" width=400 height=250 cellpadding=2 cellspacing=0 border=0
bgcolor=\"#008080\"><TR><TD><TABLE border=0 width=\"100%\" height=\"100%\"
cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30
bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\" color=\"#ffffff\">Disclaimer
Declined</font></b></TD><TR><TR height=\"100%\"><TD><TABLE border=0
cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD colspan=2><font
size=2 face=\"Times New Roman\">Sorry, network access cannot be granted unless
you agree to the disclaimer.</font></TD><TR><TR><TD></TD><TD><INPUT
TYPE=\"submit\"
VALUE=\"Return to
Disclaimer\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FORM></BO
Login page "<HTML><HEAD><TITLE>Firewall Authentication</TITLE></HEAD><BODY><FORM
ACTION=\"/\" method=\"POST\"><INPUT TYPE=\"hidden\" NAME=\"%%MAGICID%%\"
VALUE=\"%%MAGICVAL%%\"><TABLE ALIGN=\"CENTER\" width=400 height=250
cellpadding=2 cellspacing=0 border=0 bgcolor=\"#008080\"><TR><TD><TABLE
border=0 cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30
bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\"
color=\"#ffffff\">Authentication Required</font></b></TD></TR><TR><TD><TABLE
border=0 cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD
colspan=2><font size=2 face=\"Times New
Roman\">%%QUESTION%%</font></TD></TR><TR><TD><font size=2 face=\"Times
New Roman\">Username:</font></TD><TD><INPUT TYPE=\"text\"
NAME=\"%%USERNAMEID%%\" size=25></TD></TR><TR><TD><font size=2
face=\"Times New Roman\">Password:</font></TD><TD><INPUT TYPE=\"password\"
NAME=\"%%PASSWORDID%%\" size=25></TD></TR><TR><TD><INPUT
TYPE=\"hidden\"
NAME=\"%%REDIRID%%\"
VALUE=\"%%PROTURI%%\"><INPUT
TYPE=\"submit\"
VALUE=\"Continue\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FOR
Login failed page "<HTML><HEAD><TITLE>Firewall Authentication</TITLE></HEAD><BODY><FORM
ACTION=\"/\" method=\"POST\"><INPUT TYPE=\"hidden\"
NAME=\"%%MAGICID%%\"
VALUE=\"%%MAGICVAL%%\"><TABLE ALIGN=\"CENTER\" width=400 height=250
cellpadding=2 cellspacing=0 border=0 bgcolor=\"#008080\"><TR><TD><TABLE
border=0 cellpadding=0 cellspacing=0 bgcolor=\"#9dc8c6\"><TR height=30
bgcolor=\"#008080\"><TD><b><font size=2 face=\"Verdana\"
color=\"#ffffff\">Authentication Failed</font></b></TD></TR><TR><TD><TABLE
border=0 cellpadding=5 cellspacing=0 width=\"320\" align=center><TR><TD
colspan=2><font size=2 face=\"Times New
Roman\">%%FAILED_MESSAGE%%</font></TD></TR><TR><TD><font size=2
face=\"Times New Roman\">Username:</font></TD><TD><INPUT TYPE=\"text\"
NAME=\"%%USERNAMEID%%\" size=25></TD></TR><TR><TD><font size=2
face=\"Times New Roman\">Password:</font></TD><TD><INPUT TYPE=\"password\"
NAME=\"%%PASSWORDID%%\" size=25></TD></TR><TR><TD><INPUT
TYPE=\"hidden\" NAME=\"%%REDIRID%%\" VALUE=\"%%PROTURI%%\"><INPUT
TYPE=\"submit\"
VALUE=\"Continue\"></TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE></FOR
Login challenge page
Keepalive page
"<HTML>
IM and P2P
File block message "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"."
File name block message "Transfer %%ACTION%%. The file name \"%%FILE%%\" matches the configured file
name block list."
Virus message "Transfer %%ACTION%%. The file \"%%FILE%%\" is infected with the virus
%%VIRUS%%. File quarantined as %%QUARFILENAME%%."
Oversized file message "Transfer %%ACTION%%. The file \"%%FILE%%\" is larger than the configured limit."
Voice chat block message Connection failed. You are not permitted to use voice chat.
Photo share block message Photo sharing failed. You are not permitted to share photo.
SSL VPN
SSL VPN login message "<html><head><title>login</title><meta http-equiv=\"Pragma\"
content=\"no-cache\"><meta http-equiv=\"cache-control\" content=\"no-cache\"><meta
http-equiv=\"cache-control\" content=\"must-revalidate\"><link
href=\"/sslvpn/css/login.css\" rel=\"stylesheet\" type=\"text/css\"><script
language=\"JavaScript\"><!--if (top && top.location != window.location) top.location =
top.location;if (window.opener && window.opener.top) { window.opener.top.location =
window.opener.top.location; self.close(); }//--></script></head><body
class=\"main\"><center><table width=\"100%\" height=\"100%\" align=\"center\"
class=\"container\" valign=\"middle\" cellpadding=\"0\" cellspacing=\"0\"><tr
valign=middle><td><form action=\"%%SSL_ACT%%\"
method=\"%%SSL_METHOD%%\" name=\"f\"><table class=\"list\" cellpadding=10
cellspacing=0 align=center width=400
height=180>%%SSL_LOGIN%%</table>%%SSL_HIDDEN%%</td></tr></table></form></center
1.3 Admin
1.3.1 Administrators
1.3.3 Settings
Parameter Key
Administration Ports HTTP 80
HTTPS 443
SSLVPN Login Port 10443
SSH 22
Telnet 23
Timeout Settings Idle Timeout 5
Auth Timeout
Display Settings Language English
Lines Per Page 50
Virtual Domain Configuration disable
1.4 Maintenance
2. Router
2.1 Static Routes
# Destination IP / Mask Gateway Device Distance Priority
1 0.0.0.0 0.0.0.0 192.168.100.1 port2 10 0
2 0.0.0.0 0.0.0.0 172.30.7.254 port10(Int_Mgnt) 10 0
3 0.0.0.0 0.0.0.0 10.10.11.254 port9(Ext_Mgnt) 10 0
2.2 RIP
2.2.1 General
Parameter Value
RIP Version 2
Default Metric 1
Default-information-originate disable
RIP Timers Update 30 sec.; Timeout 180 sec.; Garbage 120 sec.
3. Firewall
3.1 Policy Overview
3.3.1 Address
Type Address Name Value Interface
IP
Bob 10.1.1.54
AddressPeer 192.168.4.2
AddressLocal 10.3.4.5
Peter 10.10.1.1
santhi 125.35.45.15
ftp 172.16.1.2
toll1 172.16.1.20
SUBNET
Any 0.0.0.0 0.0.0.0
sdf 0.0.0.0 0.0.0.0
dergham 192.168.250.0 255.255.255.0 port4
3.3.2 Address-Groups
Group Name Member
dergham2 "Any" "Bob"
anygroup Any
3.4 Services
3.5 Schedule
3.6 Virtual IP
3.6.1 Virtual IP
Name Type Interface / IP / Port Map to IP / Port HTTP Multiplexing
sever test1 server-load-balance port2 / 10.10.10.10
Real Server:Port Interval (Dead/Wake) Weight Health Check
20.20.20.20:80 10/10 1
30.30.30.30:80 10/10 1
3.6.3 IP Pool
Name Interface Start IP End IP
asdasda port1 0.0.0.0 0.0.0.0
1321 port5 192.168.0.1 192.168.0.1
dmz-1 port2 192.168.100.98 192.168.100.255
dmz-2 port2 192.168.100.97 192.168.100.97
adfdfsd port1 1.0.0.0 2.0.0.0
3.7.1 Sales
Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options
Virus Scan enable
File Filter
Quarantine
Pass Fragmented Emails enable enable enable
Comfort Clients
Oversized File/Email) pass pass pass pass pass pass
Threshold (MB) 1 10 10 10 10 10
Splice enable enable
Add signature to outgoing emails disable
Logging
AV
Web Filtering
FortiGuard Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP
3.7.2 nae
Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options
Virus Scan enable
File Filter
Quarantine
Pass Fragmented Emails enable enable enable
Comfort Clients
Oversized File/Email) pass pass pass pass pass pass
Threshold (MB) 10 10 10 10 10 10
Splice enable enable
Add signature to outgoing emails disable
Logging
AV
Web Filtering
FortiGuard Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP
3.7.3 webblock
Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options
Virus Scan
File Filter
Quarantine
Pass Fragmented Emails enable enable enable
Comfort Clients
Oversized File/Email) pass pass pass pass pass pass
Threshold (MB) 10 10 10 10 10 10
Splice enable enable
Add signature to outgoing emails disable
Logging
AV
Web Filtering
FortiGuard Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP
3.7.4 YYYY
Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options
Virus Scan enable enable enable enable enable enable
File Filter
Quarantine
Pass Fragmented Emails enable enable enable
Comfort Clients
Oversized File/Email) pass pass pass pass pass pass
Threshold (MB) 10 10 10 10 10 10
Splice enable enable
Add signature to outgoing emails disable
Logging
AV
Web Filtering
FortiGuard Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP
3.7.5 deneme
Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options
Virus Scan
File Filter
Quarantine
Pass Fragmented Emails enable enable enable
Comfort Clients
Oversized File/Email) pass pass pass pass pass pass
Threshold (MB) 10 10 10 10 10 10
Splice enable enable
Add signature to outgoing emails disable
Logging
AV
Web Filtering
FortiGuard Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP
3.7.6 bfg
Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options
Virus Scan
File Filter
Quarantine
Pass Fragmented Emails enable enable enable
Comfort Clients
Oversized File/Email) pass pass pass pass pass pass
Threshold (MB) 10 10 10 10 10 10
Splice enable enable
Add signature to outgoing emails disable
Logging
AV
Web Filtering
FortiGuard Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP
3.7.7 testmio
Anti-Virus HTTP FTP IMAP POP3 SMTP IM NNTP Options
Virus Scan
File Filter
Quarantine
Pass Fragmented Emails enable enable enable
Comfort Clients
Oversized File/Email) pass pass pass pass pass pass
Threshold (MB) 10 10 10 10 10 10
Splice enable enable
Add signature to outgoing emails disable
Logging
AV
Web Filtering
FortiGuard Web Filtering
Spam Filtering
IPS
IM/P2P
VoIP
4. VPN
4.1 IPSec
4.1.2 Concentrator
Concentrator Name Members
TunnelCon Tunnel
4.2 SSL-VPN
4.2.1 Config
Login Port Tunnel IP Range Server Certificate Client Certificate Enc.-Alg. Idle Timeout
10443 10.0.0.20-10.0.0.80 self-sign not required default 300 sec
Portal Message
Authentication Timeout 28800 sec
SSLv2 disable
5. User
5.1 Local User
User Name Type Status
user1 Local enabled
cwindsor LDAP-Server: test2 enabled
test Local enabled
ricardo Local enabled
user2 Local enabled
5.2 LDAP
Name Server Name/IP Port CN Identifier Distinguished Name
test2 192.168.1.146 389 wut
CD SSL VPN
6. Anti-Virus
6.1 Antivirus Internal Settings
Options HTTP FTP IMAP POP3 SMTP IM NNTP
Scanned Ports
Scan Bzip2 disable disable disable disable disable disable disable
Scan Depth for compressed files 12 12 12 12 12 12 12
Max. uncompressed file size (MB) 10 10 10 10 10 10 10
6.3 Quarantine
6.3.1 Config
Options HTTP FTP IMAP POP3 SMTP IM NNTP
Quarantine Infected Files
Quarantine Suspicious Files
Quarantine Blocked Files
Parameter Value
Age Limits 0
Max Filesize to Quarantine 40
Quarantine To Disk
Low Disk Space overwrite oldest file
Parameter Value
Enable AutoSubmit disable
6.4 Grayware
Category Status
Adware enable
Dial enable
Game enable
Joke
P2P
Spy
Keylog
Hijacker
Plugin
NMT
RAT
Misc
BHO enable
Toolbar
Download enable
HackerTool enable
7. Intrusion Protection
8. Web Filter
8.1 Web Content Block
Banned Word List: test
Comment: test
9. Spam Filter
9.1 Banned Word
Banned Word List test
Num Pattern Pattern Type Language Where Score Status
10. IM
User Protocol Policy
abc@yahoo.com YAHOO permit
11. Log
11.1 Log Setting
FortiAnalyzer IP Log Level Encryption LocalID
1 disabled
2 disabled
3 disabled