Setting | Description |
Predefined firewall services | The IMAPS, POP3S and SMTPS predefined services. You can select these services in a security policy and a DoS policy. |
Protocol recognition | The TCP port numbers that the FortiGate unit inspects for HTTPS, IMAPS, POP3S, and SMTPS. Go to Policy > Policy > Proxy Options. Add or edit a Proxy Options profile, configure HTTPS, IMAPS, POP3S, SMTPS, and FTPS. Using Proxy Options, you can also configure the FortiGate unit to perform URL filtering of HTTPS or to use SSL content scanning and inspection to decrypt HTTPS so that the FortiGate unit can also apply antivirus and DLP content inspection and DLP archiving to HTTPS. Using SSL content scanning and inspection to decrypt HTTPS also allows you to apply more web filtering and FortiGuard Web Filtering options to HTTPS. To enable full SSL content scanning of web filtering, select Enable Deep Scanning under HTTPS in the Proxy Options profile. |
Antivirus | Antivirus options including virus scanning and file filtering for HTTPS, IMAPS, POP3S, and SMTPS. Go to AntiVirus > Profile. Add or edit a profile and configure Virus Scan for HTTPS, IMAPS, POP3S, and SMTPS. |
Antivirus quarantine | Antivirus quarantine options to quarantine files in HTTPS, IMAPS, POP3S, SMTPS, and FTPS sessions. Go to Security Profiles > AntiVirus > Quarantine. You can quarantine infected files, suspicious files, and blocked files found in HTTPS, IMAPS, POP3S, SMTPS, and FTPS sessions. |
Web filtering | Web filtering options for HTTPS: • Web Content Filter • Web URL Filter • ActiveX Filter • Cookie Filter • Java Applet Filter • Web Resume Download Block • Block invalid URLs Go to Security Profiles > Web Filter > Profile. Add or edit a web filter profile and configure web filtering for HTTPS. |
FortiGuard Web Filtering | FortiGuard Web Filtering options for HTTPS: • Enable FortiGuard Web Filtering • Enable FortiGuard Web Filtering Overrides • Provide Details for Blocked HTTP 4xx and 5xx Errors • Rate Images by URL (Blocked images will be replaced with blanks) • Allow Websites When a Rating Error Occurs • Strict Blocking • Rate URLs by Domain and IP Address • Block HTTP Redirects by Rating Go to Security Profiles > Web Filter > Profile. Add or edit a profile and configure FortiGuard Web Filtering for HTTPS. |
Email filtering | Email filtering options for IMAPS, POP3S, and SMTPS: • FortiGuard Email Filtering IP Address Check, URL check, E-mail Checksum Check, and Spam Submission • IP Address BWL Check • E-mail Address BWL Check • Return S-mail DNS Check • Banned Word Check • Spam Action • Tag Location • Tag Format Go to Security Profiles > Email Filter > Profile. Add or edit a profile and configure email filtering for IMAPS, POP3S, and SMTPS. |
Data Leak Prevention | DLP for HTTPS, IMAPS, POP3S, and SMTPS. To apply DLP, follow the steps below: • Go to Security Profiles > Data Leak Prevention > Sensor, create a new DLP sensor or edit an existing one and then add any combination of the DLP advanced rules, DLP compound rules, file filters, a Regular Expressions, and file size limits to a DLP sensor. • Go to Policy > Policy > Proxy Options. Add or edit a profile and select Enable Deep Scan under HTTPS. • Go to Policy > Policy > Policy, edit the required policy, enable DLP Sensor and select the DLP sensor. • Go to Policy > Policy > Policy, edit the required policy, enable Proxy Options and select a profile that has Enable Deep Scan selected under HTTPS. Note: If no Proxy Options profile is selected, or if Enable Deep Scan is not selected within the Proxy Options profile, DLP rules cannot inspect HTTPS. |
DLP archiving | DLP archiving for HTTPS, IMAPS, POP3S, and SMTPS. Add DLP Rules for the protocol to be archived. |
Monitor DLP content information on the system dashboard | DLP archive information on the Log and Archive Statistics widget on the system dashboard for HTTPS, IMAPS, POP3S, and SMTPS. Go to Policy > Policy > Proxy Options. Add or edit a profile. For each protocol you want monitored on the dashboard, enable Monitor Content Information for Dashboard. These options display meta-information on the Statistics dashboard widget. |