Client Reputation
User or client behavior can sometimes increase the risk of being attacked or becoming infected. For example, if one of your network clients receives email viruses on a daily basis while no other clients receive these attachments, extra measures may be required to protect that client, or a discussion with the user about this issue may be warranted.
Before you can decide on a course of action, you need to know the problem is occurring. Client reputation can provide this information by tracking client behavior and reporting on activities that you determine are risky or otherwise worth tracking.
Client reputation profiles can be created, edited, and assigned to devices. When creating a profile, the default threat level definitions are used; these can be changed later, see
“To adjust client reputation profile threat level definitions:”. When Client Reputation Tracking is enabled, the
Log Allowed Traffic setting will be enabled on all policies. For more information on configuring the Client Reputation profile, see the
FortiOS 5.0 Handbook.
To create a new client reputation profile:
1. Go to the Endpoint Templates > Client Reputation Profile page and select Create New.
2. In the New Client Reputation Profile window, enter a name for the profile.
3. Select OK to create the new client reputation profile.
To edit a client reputation profile:
1. Right-click in the profile row and select Edit from the pop-up menu.
2. Edit the profile name as required, then select OK.
To adjust client reputation profile threat level definitions:
1. Click on a client reputation profile name.
The Threat Level Definition page opens.
2. Adjust the threat levels as needed:
Client Reputation Tracking | Turn on client reputation tracking. |
Reset | Reset all the threat level definition values back to their defaults. |
Import | Import threat level definitions from a device in the ADOM. |
Application Protection | Adjust the tracking levels for the different application types that can be tracked. |
Intrusion Protection | Adjust the tracking levels for the different attack types that can be tracked. |
Malware Protection | Adjust the tracking levels for the malware or botnet connections that can be detected. |
Packet Based Inspection | Adjust the tracking levels for failed connection attempts and traffic blocked by firewall policies. |
Web Activity | Adjust the tracking levels for various types of web activity. |
Risk Level Values | Adjust the values for the four risk levels. |
3. Select OK to save your changes and close the page.
To assign a client reputation profile to a device:
1. Right-click in the profile row and select Assigned Devices from the pop-up menu.
2. Add or remove devices as needed in the Assigned Devices dialog box, then select OK.
The devices assigned to the profile are shown in the Assign To column on the Client reputation content pane.
