First, here's the default AV profile on a typical firewall.
When the AV profile detects a virus, it will throw a similarly formatted log message.
You can test both HTTP and HTTPS when you have ssl-inspection enabled.
Note: this is also a sure way to test that your ssl-inspection is working.
If you have NO ssl-inspection profile enabled, the FortiGate firewall will let you download the EICAR test file over a secure protocol like HTTPS with no warning. Here's a source for text, zip and double-zip files.
http://www.rexswain.com/eicar.html
e.g. (with no ssl-inspection, the EICAR test file was downloaded)
Security best practice mandates that you have AV and an ssl-inspection profile enabled to protect local LAN users if endpoint protection has not been installed.
Here's what a firewall policy that's enabled for an AV profile and SSL inspection looks like from the CLI.
A feedback page will be displayed to the end user who hits the policy, with a simple link provided if he/she wants to investigate what content was blocked by AV and why.
(HTTPS test EICAR file source)
https://secure.eicar.org/eicar.com
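One way to script the HTTP/HTTPS check described above from a LAN client, as an added example that is not from the original post. The function names and verdict labels are hypothetical, and the `TLS_CERT_UNTRUSTED` reading assumes the firewall re-signs certificates with a CA the client does not trust.

```python
import ssl
import sys
import urllib.error
import urllib.request

# Substring of the EICAR test string. Matching on it keeps the full test
# file out of this script, so the script itself is not flagged by AV.
EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
DEFAULT_URL = "https://secure.eicar.org/eicar.com"  # HTTPS source from the post

def classify(body=None, error=None):
    """Turn one download attempt into a verdict (labels are hypothetical)."""
    if isinstance(error, ssl.SSLCertVerificationError):
        # Assumption: the firewall re-signs the site certificate with a CA
        # this client does not trust, so deep inspection is in the path.
        return "TLS_CERT_UNTRUSTED"
    if error is not None:
        return "ERROR"
    if EICAR_MARKER in body:
        # Over HTTPS this is the "no ssl-inspection" case from the post.
        return "DELIVERED"
    # Something else came back, e.g. the firewall's replacement page.
    return "NOT_DELIVERED"

def probe(url, timeout=10):
    """Fetch url and classify what the client actually received."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(body=resp.read(4096))
    except urllib.error.HTTPError as exc:   # a block page may carry an error status
        return classify(body=exc.read(4096))
    except urllib.error.URLError as exc:    # wraps TLS and socket errors
        return classify(error=exc.reason)
    except OSError as exc:
        return classify(error=exc)

if __name__ == "__main__":
    for url in sys.argv[1:] or [DEFAULT_URL]:
        print(f"{probe(url):20} {url}")
```

Pass one HTTP and one HTTPS test URL as arguments to compare both paths; a `DELIVERED` verdict on the HTTPS URL means the AV profile never saw the decrypted content.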
If you're using the FortiGate as an explicit proxy, please ensure you have AV profiles in use and in proxy mode.
example
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \