Proxy Option
The company will be using a number of the Security Profiles features on various policies but wants to use as few profiles as possible to make administration simpler. The decision has been made to have two profiles, the default one and a single customized one that will be a combination of the settings required to cover the situations that will not be covered by the default profile.
The company profile will have the following parameters:
• There are no FTP servers running on the site so there is no need for FTP.
• The company has a non-standard IMAP implementation the uses port 1143.
• The Comfort Clients is to be used with a ratio of 1 byte for every 15 seconds.
• There is a lot of varied email traffic so there is to be no blocking of emails due to size beyond the settings on the mail servers.
Go to Policy & Objects > Policy > Proxy Options.
Create a new profile
Fill out the fields with the following information:
Name | example_standard |
Comments | <optional> |
Log Oversized Files | <disabled> |
Protocol Port Mapping:
Enable | Protocol | Inspection Ports |
enabled | HTTP | Specify and <leave on default setting.> |
enabled | SMTP | Specify and <leave on default setting.> |
enabled | POP3 | Specify and <leave on default setting.> |
enabled | IMAP | Specify and 1143 |
not enabled | FTP | |
enabled | NNTP | Specify and <leave on default setting.> |
enabled | MAPI | <leave on default setting.> |
enabled | DNS | <leave on default setting.> |
Common Options
Comfort Clients | enabled |
• Interval (Seconds) | 15 |
• Amount(bytes) | 1 |
Block Oversized File/Email | not enabled |
• Threshold(MB) | not enabled |
Web Options
Enabled Chunked Bypass | not enabled |
Add Fortinet Bar | not enabled |
Communication Port | <Unseen because Add Fortinet Bar is not enabled> |
Email Options
Allow Fragmented Messages | <not enabled> |
Append Signature (SMTP) | <not enabled> |
Email Signature Text | <Unseen because Append Signature is not enabled> |
Select OK
Enter the following CLI command:
config firewall profile-protocol-options
edit example_standard
config http
set options clientcomfort no-content-summary
set comfort-interval 15
next
config ftp
set status disable
set options clientcomfort no-content-summary splice
set comfort-interval 15
next
config imap
set ports "1143"
set options fragmail no-content-summary
next
config mapi
set options fragmail no-content-summary
next
config pop3
set options fragmail no-content-summary
next
config smtp
set options fragmail no-content-summary splice
next
config nntp
set options no-content-summary splice
next
config ssh
set inspect-all enable
set log x11-filter ssh-shell exec port-forward
next
end