Configuring Security Profile settings for the Accounting VDOM
Security Profile settings include web filtering, antivirus, application control, and other features. This example just uses those three features to ensure that:
- the business environment is free from viruses,
- employees do not surf grossly inappropriate websites, and
- employees do not use games or peer-to-peer applications at work.
To configure web filtering for the Accounting VDOM - web-based manager
1. Open the Accounting VDOM.
2. Go to Security Profiles > Web Filter > Profile.
3. Select Create New.
4. Enter webStrict for the Name.
5. Select the arrow to expand the FortiGuard Web Filtering section.
6. Block all Categories except Business Oriented, Other, and Unrated.
7. Block all Classifications except Image Search.
8. Log all Categories and Classifications.
9. Select OK.
To configure web filtering for the Accounting VDOM - CLI
config vdom
    edit Accounting
        config webfilter profile
            edit webStrict
                config ftgd-wf
                    set allow g07 g08 g21 g22 c01 c03
                    set deny g01 g02 g03 g04 g05 g06 c02 c04 c05 c06 c07
                end
                set web-ftgd-err-log enable
        end
end
To configure AntiVirus for the Accounting VDOM - web-based manager
1. Open the Accounting VDOM.
2. Go to Security Profiles > AntiVirus > Profile.
3. Select Create New.
4. Enter avStrict for the Name.
5. Enable Scan for all protocols.
6. Enable File filter for all protocols, and select built-in-patterns for Option.
7. Enable logging for both Scan and File Filter.
8. Select OK.
To configure AntiVirus for the Accounting VDOM - CLI
config vdom
    edit Accounting
        config antivirus profile
            edit avStrict
                config http
                    set options scan file-filter
                end
                config ftp
                    set options scan file-filter
                end
                config imap
                    set options scan file-filter
                end
                config pop3
                    set options scan file-filter
                end
                config smtp
                    set options scan file-filter
                end
                config nntp
                    set options scan file-filter
                end
                config im
                    set options scan file-filter
                end
                set filepattable 1
                set av-virus-log enable
                set av-block-log enable
        end
end
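The following is an added example, not part of the original guide: a Python check that parses FortiOS CLI configuration text and reports where the avStrict profile deviates from the antivirus settings above (scan and file-filter on all seven protocols, both logs enabled). The parser, the function names and the sample input are constructed for illustration; the sample deliberately drops file-filter from smtp and leaves av-block-log unset.

```python
import shlex

PROTOCOLS = ["http", "ftp", "imap", "pop3", "smtp", "nntp", "im"]
# Constructed sample: this page's avStrict, minus smtp file-filter and av-block-log.
SAMPLE = "config vdom\nedit Accounting\nconfig antivirus profile\nedit avStrict\n" + "".join(
    f"config {p}\nset options {'scan' if p == 'smtp' else 'scan file-filter'}\nend\n"
    for p in PROTOCOLS) + "set filepattable 1\nset av-virus-log enable\nend\nend\n"

def parse_fortios(text):
    """Parse config/edit/set/next/end lines into nested dicts (hypothetical helper)."""
    root = {}
    stack = [("config", root)]  # (kind of open block, dict being filled)
    for line in text.splitlines():
        verb, *args = shlex.split(line) or [""]  # blank lines match no branch
        kind, node = stack[-1]
        if verb in ("config", "edit"):
            stack.append((verb, node.setdefault(" ".join(args), {})))
        elif verb == "set" and args:
            node[args[0]] = args[1:]
        elif verb in ("next", "end"):
            if kind == "edit":  # 'end' also closes a still-open 'edit'
                stack.pop()
            elif verb == "next":
                raise ValueError("'next' outside 'edit'")
            if verb == "end":
                if len(stack) == 1:
                    raise ValueError("'end' without matching 'config'")
                stack.pop()
    if len(stack) != 1:
        raise ValueError("unterminated config block")
    return root

def audit_av(cfg, vdom="Accounting", profile="avStrict"):
    """Return findings where the profile deviates from the page's settings."""
    try:
        prof = cfg["vdom"][vdom]["antivirus profile"][profile]
    except KeyError:
        return [f"profile {profile} not found in VDOM {vdom}"]
    findings = []
    for proto in PROTOCOLS:
        missing = {"scan", "file-filter"} - set(prof.get(proto, {}).get("options", []))
        if missing:
            findings.append(f"{proto}: missing {' '.join(sorted(missing))}")
    for key in ("av-virus-log", "av-block-log"):
        if prof.get(key) != ["enable"]:
            findings.append(f"{key}: not enabled")
    return findings

print(audit_av(parse_fortios(SAMPLE)))
```

An empty list from audit_av means the parsed profile matches the settings configured in this procedure.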
To configure application control for the Accounting VDOM - web-based manager
1. Open the Accounting VDOM.
2. Go to Security Profiles > Application Control > Application Sensor.
3. Select Create New (+ button at top right of page).
4. Enter appStrict for Name and select OK.
5. Select Create New.
6. In Filters, set Category to game.
7. In Applications/Settings, enter the following, and select OK.
    Action            Block
    Packet Logging    Enable
8. Select Create New.
9. In Filters, set Category to p2p.
10. In Applications/Settings, enter the following, and select OK.
    Action            Block
    Packet Logging    Enable
11. Select Apply.
To configure application control for the Accounting VDOM - CLI
config vdom
    edit Accounting
        config application list
            edit appStrict
                config entries
                    edit 1
                        set category 2
                    next
                    edit 2
                        set category 8
                end
        end
end