Setting the client reputation profile/definition
Configure the client reputation profile by going to Security Profiles > Client Reputation > Threat Level Definition. You configure one client reputation profile for all of the activity monitored by the FortiGate unit. The profile sets the risk levels for the types of behavior that client reputation monitors. You can set the risk to off, low, medium, high and critical for the following types of behavior:
• Application Protection
    • Botnet applications
    • P2P applications
    • Proxy applications
    • Games applications
• Intrusion protection (IPS)
    • Critical severity attack detected
    • High severity attack detected
    • Medium severity attack detected
    • Low severity attack detected
    • Informational severity attack detected
• Malware Protection
    • Malware detected
    • Botnet connection detected
• Packet based inspection
    • Blocked by firewall policy
    • Failed connection attempts
• Web Activity
    • All blocked URLs
    • Visit to security risk sites
    • Visit to potentially liable sites
    • Visit to adult/mature content sites
    • Visit to bandwidth consuming sites
Figure 301: Default client reputation profile
To configure the profile, decide how risky or dangerous each type of behavior is to your network and rate it accordingly. The higher you rate a type of behavior, the more visible clients engaging in this behavior will become in the client reputation monitor and the more easily you can detect this behavior.
For example, if you consider malware a high risk for your network, you can set the client reputation profile for malware to high or critical (as it is in the default client reputation profile). Then, whenever any amount of malware is detected, clients that originated the malware will be very visible in the client reputation monitor.
Set the risk to off for types of activity that you do not want client reputation to report on. This does not reduce the performance requirements or the amount of data gathered by client reputation, just the report output.
You can change a profile setting at any time and data that has already been collected will be used.
It is normally not necessary to change the Risk Level Values but it can be done if you need to alter the relative importance of the risk settings.
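The following Python sketch is an added example, not FortiOS code or Fortinet's scoring algorithm. It models the behavior described above: collected events are stored independently of the profile, so re-rating a behavior re-ranks existing data, and rating a behavior off only removes it from the report. The numeric risk level values, the shortened behavior names, the summing rule and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed numeric weight per risk level (illustrative, not taken from the page).
RISK_LEVEL_VALUES = {"off": 0, "low": 5, "medium": 10, "high": 30, "critical": 50}

# Hypothetical profile: behavior type -> risk level. The keys are shortened
# labels for some of the behavior types listed in this section.
SAMPLE_PROFILE = {
    "malware_detected": "critical",
    "p2p_application": "low",
    "failed_connection": "low",
    "blocked_url": "medium",
}

# Constructed sample of already-collected events: (client IP, behavior type).
EVENTS = [
    ("192.0.2.10", "p2p_application"),
    ("192.0.2.10", "p2p_application"),
    ("192.0.2.10", "failed_connection"),
    ("192.0.2.20", "malware_detected"),
    ("192.0.2.30", "blocked_url"),
    ("192.0.2.30", "blocked_url"),
    ("192.0.2.30", "failed_connection"),
]

def report(events, profile, values=RISK_LEVEL_VALUES):
    """Rank clients by summed risk; behaviors rated 'off' are left out."""
    scores = defaultdict(int)
    for client, behavior in events:
        level = profile.get(behavior, "off")
        if level == "off":
            continue  # the event stays in EVENTS; it is only hidden from the report
        scores[client] += values[level]
    # Highest score first; ties broken by client address for stable output.
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

def with_changes(profile, **changes):
    """Return a copy of the profile with some behaviors re-rated."""
    return {**profile, **changes}

if __name__ == "__main__":
    print("sample profile:", report(EVENTS, SAMPLE_PROFILE))
    print("P2P set to high:", report(EVENTS, with_changes(SAMPLE_PROFILE, p2p_application="high")))
    print("blocked URLs off:", report(EVENTS, with_changes(SAMPLE_PROFILE, blocked_url="off")))
```

Passing a different `values` mapping to `report` models a change to the Risk Level Values: the same events and ratings produce a different ordering because the relative weight of each level has changed.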