Configuring Security Profile settings for the Sales VDOM
Security profile settings include web filtering, antivirus, application control, and other features. This example uses just those three features to ensure that:
- the business environment is free from viruses,
- employees do not surf grossly inappropriate websites, and
- employees do not use games or peer-to-peer applications at work.
Note that Sales web traffic differs from Accounting web traffic, so the web filtering settings differ to account for this.
To configure web filtering for the Sales VDOM - web-based manager
1. Open the Sales VDOM.
2. Go to Security Profiles > Web Filter > Profile.
3. Select Create New.
4. Enter webStrict for the Name.
5. In FortiGuard Categories, select all of the categories except Bandwidth Consuming, General Interest - Business and Unrated.
6. In Change Action for Selected Categories select Block.
7. Select Apply.
To configure web filtering for the Sales VDOM - CLI
config vdom
  edit Sales
    config webfilter profile
      edit webStrict
        config ftgd-wf
          set allow g07 g08 g21 g22 c01 c03
          set deny g01 g02 g03 g04 g05 g06 c02 c04 c05 c06 c07
        end
        set web-ftgd-err-log enable
    end
end
To configure AntiVirus for the Sales VDOM - web-based manager
1. Open the Sales VDOM.
2. Go to Security Profiles > AntiVirus > Profile.
3. Select Create New.
4. Enter avStrict for the Name.
5. Enable virus scan for all protocols.
6. Select Apply.
To configure AntiVirus for the Sales VDOM - CLI
config vdom
  edit Sales
    config antivirus profile
      edit "avStrict"
        config http
          set options scan file-filter
        end
        config ftp
          set options scan file-filter
        end
        config imap
          set options scan file-filter
        end
        config pop3
          set options scan file-filter
        end
        config smtp
          set options scan file-filter
        end
        config nntp
          set options scan file-filter
        end
        config im
          set options scan file-filter
        end
        set filepattable 1
        set av-virus-log enable
        set av-block-log enable
    end
end
To configure application control for the Sales VDOM - web-based manager
1. Open the Accounting VDOM.
2. Go to Security Profiles > Application Control > Application Sensor.
3. Select Create New (+ button at top right of page).
4. Enter appStrict for Name and select OK.
5. Select Create New.
6. In Filters, set Category to game.
7. In Applications/Settings, enter the following, and select OK.
   Action: Block
   Packet Logging: Enable
8. Select Create New.
9. In Filters, set Category to p2p.
10. In Applications/Settings, enter the following, and select OK.
   Action: Block
   Packet Logging: Enable
11. Select Apply.
To configure application control for the Sales VDOM - CLI
config vdom
  edit Sales
    config application list
      edit "appStrict"
        config entries
          edit 1
            set category 2
          next
          edit 2
            set category 8
        end
    end
end
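To confirm that a saved configuration still matches the avStrict and appStrict CLI above, the following added example (not part of the original guide or of FortiOS) parses config/edit/set/next/end nesting and reports deviations. The function names, the simplified parser and the sample text are assumptions made for illustration.

```python
import shlex

def parse_fortios(text):
    """Parse FortiOS CLI text (config/edit/set/next/end) into nested dicts."""
    root = {}
    stack = [("root", root)]
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        cmd, args, node = tok[0], tok[1:], stack[-1][1]
        if cmd == "config":
            stack.append(("config", node.setdefault("config " + " ".join(args), {})))
        elif cmd == "edit":
            stack.append(("edit", node.setdefault(args[0], {})))
        elif cmd == "set":
            node[args[0]] = args[1:]
        elif cmd in ("next", "end"):
            if stack[-1][0] == "edit":      # "end" also closes an open edit
                stack.pop()
            if cmd == "end" and stack[-1][0] == "config":
                stack.pop()
    return root

AV_PROTOCOLS = ("http", "ftp", "imap", "pop3", "smtp", "nntp", "im")
APP_CATEGORIES = {"2", "8"}  # category ids set in the appStrict CLI above

def audit_sales(cfg):
    """List deviations from the avStrict and appStrict profiles shown above."""
    vdom = cfg.get("config vdom", {}).get("Sales", {})
    av = vdom.get("config antivirus profile", {}).get("avStrict", {})
    findings = [f"avStrict: {p} has no scan option" for p in AV_PROTOCOLS
                if "scan" not in av.get("config " + p, {}).get("options", [])]
    app = vdom.get("config application list", {}).get("appStrict", {})
    seen = {e["category"][0] for e in app.get("config entries", {}).values()
            if e.get("category")}
    findings += [f"appStrict: category {c} missing"
                 for c in sorted(APP_CATEGORIES - seen)]
    return findings

# Constructed sample (not from a real device): smtp has lost "scan" and
# the appStrict sensor only lists category 2.
AV_BLOCKS = "".join(
    f"config {p}\nset options {'file-filter' if p == 'smtp' else 'scan file-filter'}\nend\n"
    for p in AV_PROTOCOLS)
SAMPLE = ("config vdom\nedit Sales\nconfig antivirus profile\nedit \"avStrict\"\n"
          + AV_BLOCKS + "end\nconfig application list\nedit \"appStrict\"\n"
          "config entries\nedit 1\nset category 2\nend\nend\nend\n")

print("\n".join(audit_sales(parse_fortios(SAMPLE))))
```

An empty result means both profiles contain every setting the check looks for; the web filter profile is not covered by this check.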