Configuring Security Profile settings for the Sales VDOM
Security profile settings include web filtering, antivirus, application control, and other features. This example uses just those three features to ensure that:
• the business environment is free from viruses
• employees do not surf grossly inappropriate websites, and
• employees do not use games or peer-to-peer applications at work.
Note that Sales web traffic differs from Accounting web traffic, and the web filtering settings differ to account for this.
To configure web filtering for the Sales VDOM - web-based manager
1. Open the Sales VDOM.
2. Go to Security Profiles > Web Filter > Profile.
3. Select Create New.
4. Enter webStrict for the Name.
5. In FortiGuard Categories, select all of the categories except Bandwidth Consuming, General Interest - Business and Unrated.
6. In Change Action for Selected Categories select Block.
7. Select Apply.
To configure web filtering for the Sales VDOM - CLI
config vdom
    edit Sales
        config webfilter profile
            edit webStrict
                config ftgd-wf
                    set allow g07 g08 g21 g22 c01 c03
                    set deny g01 g02 g03 g04 g05 g06 c02 c04 c05 c06 c07
                end
                set web-ftgd-err-log enable
        end
end
To configure AntiVirus for the Sales VDOM - web-based manager
1. Open the Sales VDOM.
2. Go to Security Profiles > AntiVirus > Profile.
3. Select Create New.
4. Enter avStrict for the Name.
5. Enable virus scan for all protocols.
6. Select Apply.
To configure AntiVirus for the Sales VDOM - CLI
config vdom
    edit Sales
        config antivirus profile
            edit "avStrict"
                config http
                    set options scan file-filter
                end
                config ftp
                    set options scan file-filter
                end
                config imap
                    set options scan file-filter
                end
                config pop3
                    set options scan file-filter
                end
                config smtp
                    set options scan file-filter
                end
                config nntp
                    set options scan file-filter
                end
                config im
                    set options scan file-filter
                end
                set filepattable 1
                set av-virus-log enable
                set av-block-log enable
        end
end
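One way to confirm that a saved copy of the avStrict profile still scans every protocol, as an added example that is not part of the original guide: the script parses CLI text in the form shown above and lists the protocols whose section lacks the scan option. The function names are hypothetical, the parser handles only config, edit, set, next and end, and the input is constructed.

```python
import shlex

AV_PROTOCOLS = ("http", "ftp", "imap", "pop3", "smtp", "nntp", "im")

def parse_fortios(text):
    """Parse FortiOS CLI text into nested dicts keyed 'config X', 'edit Y' or setting name."""
    root = {}
    stack = [("root", root)]  # (frame kind, dict holding that frame's contents)
    for raw in text.splitlines():
        tok = shlex.split(raw)  # also strips the quotes around names such as "avStrict"
        if not tok:
            continue
        verb, args = tok[0], tok[1:]
        if verb in ("config", "edit"):
            child = stack[-1][1].setdefault(f"{verb} {' '.join(args)}", {})
            stack.append((verb, child))
        elif verb == "set" and args:
            stack[-1][1][args[0]] = args[1:]
        elif verb == "next" and stack[-1][0] == "edit":
            stack.pop()
        elif verb == "end":
            # 'end' closes the innermost config and any edit still open inside it
            while stack[-1][0] == "edit":
                stack.pop()
            if stack[-1][0] == "config":
                stack.pop()
    return root

def av_protocols_missing_scan(cfg, vdom, profile):
    """Return the protocols whose section in the AV profile lacks the 'scan' option."""
    prof = (cfg.get("config vdom", {}).get(f"edit {vdom}", {})
               .get("config antivirus profile", {}).get(f"edit {profile}", {}))
    return [p for p in AV_PROTOCOLS
            if "scan" not in prof.get(f"config {p}", {}).get("options", [])]

def sample_profile(options):
    """Build constructed CLI text for avStrict from {protocol: option string}."""
    body = "".join(f"config {p}\nset options {o}\nend\n" for p, o in options.items())
    return ('config vdom\nedit Sales\nconfig antivirus profile\n'
            f'edit "avStrict"\n{body}end\nend\n')

if __name__ == "__main__":
    # Constructed input: pop3 has lost 'scan' and the im section is absent
    opts = {p: "scan file-filter" for p in AV_PROTOCOLS[:-1]}
    opts["pop3"] = "file-filter"
    print(av_protocols_missing_scan(parse_fortios(sample_profile(opts)), "Sales", "avStrict"))
```

A protocol is reported both when its section is missing and when the section exists without scan, so a profile that was trimmed or edited after deployment shows up either way.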
To configure application control for the Sales VDOM - web-based manager
1. Open the Sales VDOM.
2. Go to Security Profiles > Application Control > Application Sensor.
3. Select Create New (+ button at top right of page).
4. Enter appStrict for Name and select OK.
5. Select Create New.
6. In Filters, set Category to game.
7. In Applications/Settings, enter the following, and select OK.
Action | Block |
Packet Logging | Enable |
8. Select Create New.
9. In Filters, set Category to p2p.
10. In Applications/Settings, enter the following, and select OK.
Action | Block |
Packet Logging | Enable |
11. Select Apply.
To configure application control for the Sales VDOM - CLI
config vdom
    edit Sales
        config application list
            edit "appStrict"
                config entries
                    edit 1
                        set category 2
                    next
                    edit 2
                        set category 8
                end
        end
end