In this Blog Post/Article I am covering Network Security Technology from Fortinet.
Fortinet have range of security products used by large companies to manage cybersecurity.
This is a tutorial of fortigate firewall where you will learning about the antivirus feature in fortigate.
How Fortigate Antivirus Works in preventing Cyber Attacks and blocking malware
Risk of Malware in an enterprise
- Casue Data Breaches
- Extort Money
- Steal Intellitcual property
- Destroy Systems
Foriguard Labs Provide Database of Signatures that allow to identify malware, updates occur and you can configure as per settings
- Hourly
- Daily
- Weekly
Let’s see how to create antivirus profile and policy in fortigate firewall.
Configure Foritgate Antivirus Profile
This is Fortigate Dashboard, where we create and configure policies to protect the organization from external threats.
Here, we are creating an antivirus policy, hence navigate to: Security Profiles
After Clicking Security Profiles you get options like:
- Web Filter
- Antivirus
- DNS Filter
- Application Control
- Intrusion Prevention
- File Filter
- SSL/SSH Inspection
- Application Signatures
- IPS Signatures
As we are creating an antivirus policy in fortigate firewall, you need to click on “Antivirus”
Click – Antivirus
This is a sample security profile created by default.
There can be multiple security profiles under this section, depending on the organization size and needs.
Here, we are configuring the “default” security profile and creating an antivirus policy for this.
Click Default > and Click Edit ( At Top beside Create New)
These are all settings under “Antivirus”
Under APT Protection Options you can see multiple options which are enabled by default.
Enable > Treat Windows Executables in email attachments as viruses
Enable > Use fortiguard outbound protection by Clicking the Block Option
Now, the antivirus policy has been configured and created in the security profile. .
Add Antivirus Policy to a firewall policy
Now that we have created an antivirus profile in fortigate.
Now we create a policy to fully configure the antivirus policy.
Click on Policy & Objects > Firewall Policy
Under Firewall Policy Option you can see various settings.
In Security Profiles section you can see:
- Antivirus
- Web Filter
- DNS Filter
- Application Filter
- IPS
- File Filter
As we are creating an antivirus profile, Enable Antivirus to confirm the configuration.
As you can see above, our antivirus profile is working here.
It blocked the malicious web resource and displaying the message “High Security Alert”
Now Let’s check the firewall logs where the security event is generated.
You can see Firewall Logs under Logs & Report in Fortigate
Click on Logs&Report Option to view the security incident.
As you can see the file ‘EICAR_TEST” is blocked by Fortigate.
Hence any malicious file will be blocked and will be generated under logs which can be helpful in Audit.
Fortigate has many advanced features as well apart from antivirus. It’s a complete network security solution to combat Cyber Attacks.
After reading this Blog Post, you have learned to:
- Create An Antivirus Profile
- Add Antivirus Policy to a firewall policy
- Verify Configuration and monitor firewall logs
The Credit for this article is from Fortinet and the references taken.
Stay Tuned for more Network Security Technologies at CyberNomadTV
