This FortiOS Handbook chapter contains the following sections:

What's new in FortiOS 5.4 lists and describes the new security profile features in FortiOS 5.4 and 5.4.1.

Inside FortiOS highlights the features and benefits of key FortiOS 5.4 components. The technical documentation team maintains these documents as part of the Handbook and as standalone documents which are available at Fortinet's Online Help for FortiOS 5.4. Inside FortiOS covers the following security profiles topics:

• AntiVirus
• Application Control
• Intrusion Prevention System
• Web Filtering

Security Profiles overview describes Security Profiles components and their relation to firewall policies, as well as SSL content scanning and inspection.

AntiVirus explains how the FortiGate unit scans files for viruses and describes how to configure the antivirus options.

Web filter describes basic web filtering concepts, FortiGuard Web Filtering, the order in which the FortiGate unit performs web filtering, and configuration.

Application Control describes how your FortiGate unit can detect and take action against network traffic based on the application generating the traffic.

FortiClient Profiles addresses the FortiClient Profiles endpoint protection features and configuration, including changes that first appeared in FortiOS 5.4.1.

Intrusion protection explains basic Intrusion Protection System (IPS) concepts and how to configure IPS options; includes guidance and a detailed table for creating custom signatures as well as several examples.

Custom Application & IPS Signatures describes how to create custom Application Control and IPS signatures.

Anti-Spam filter explains how the FortiGate unit filters email and describes how to configure the filtering options and the action to take with email detected as spam.

Data leak prevention describes the DLP features that allow you to prevent sensitive data from leaving your network and explains how to configure the DLP rules, compound rules, and sensors.

ICAP support describes how to offload traffic to a separate server specifically set up for the specialized processing of the traffic.

Other Security Profiles considerations addresses topics like Security Profiles VDOMs, conserve mode, SSL content scanning and inspection, using wildcards and Perl regular expressions, adding External Security Devices, CPU allocation and tuning commands to survive reboot and so on.