{"id":232,"date":"2022-03-11T04:24:24","date_gmt":"2022-03-11T09:24:24","guid":{"rendered":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/chapter\/chapter-7-security-profile\/"},"modified":"2025-12-11T15:09:44","modified_gmt":"2025-12-11T20:09:44","slug":"security-profile","status":"publish","type":"chapter","link":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/chapter\/security-profile\/","title":{"raw":"7.2 Security Profile","rendered":"7.2 Security Profile"},"content":{"raw":"<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\r\n<p class=\"textbox__title\">Learning Objectives<\/p>\r\n\r\n<\/header>\r\n<div class=\"textbox__content\">\r\n<ul>\r\n \t<li class=\"hanging-indent\">Configure a Security Profile<\/li>\r\n<\/ul>\r\n<\/div>\r\n<\/div>\r\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to become familiar with different types of Security Profile such as AntiVirus, File Filter, IPS and DNS Filter. WebTerm2 acts as a local computer and we set a Security Profile on traffic passing from Port2 to Port1.<\/div>\r\n\r\n[caption id=\"attachment_222\" align=\"aligncenter\" width=\"1207\"]<img class=\"wp-image-209 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/04\/1.jpg\" alt=\"Security Profile main scenario\" width=\"1207\" height=\"504\" \/> Figure 7.9: Main scenario[\/caption]\r\n\r\n<div class=\"textbox shaded\"><span style=\"background-color: #ffff00\"><strong>Note<\/strong>: From version 7.4, inspection mode by default is disabled. You can continue security profile features without this option.<\/span><\/div>\r\n<div class=\"mceTemp\"><\/div>\r\n<ol>\r\n \t<li>We will continue the previous scenario and set up a DHCP server on port2.\r\n\r\n[caption id=\"attachment_219\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-219\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/04\/9-4.jpg\" alt=\"set up a DHCP server on port2\" width=\"500\" height=\"335\" \/> Figure 7.10: Enable DHCP Server on port2[\/caption]<\/li>\r\n \t<li>Go to <strong>security profile<\/strong> &gt; <strong>Anti-Virus<\/strong>, create a new profile:\r\n<ul>\r\n \t<li>Name: <strong>myantivirus<\/strong><\/li>\r\n \t<li>Scan Mode: <strong>full<\/strong><\/li>\r\n \t<li>Inspection Protocol: <strong>HTTP, SMTP, IMAP, POP3, FTP<\/strong><\/li>\r\n<\/ul>\r\n[caption id=\"attachment_222\" align=\"aligncenter\" width=\"1051\"]<img class=\"wp-image-220 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-3.jpg\" alt=\"AntiVirus Profile\" width=\"1051\" height=\"792\" \/> Figure 7.11: AntiVirus Profile[\/caption]<\/li>\r\n \t<li>Create a Firewall policy:\r\n<ul>\r\n \t<li>Name: <strong>Port2-to-Port1<\/strong><\/li>\r\n \t<li><span style=\"background-color: #ffff00\">Incoming Interface: <strong>port2<\/strong><\/span><\/li>\r\n \t<li>Outgoing interface: <strong>port1<\/strong><\/li>\r\n \t<li>Source, Destination, Service: <strong>all<\/strong><\/li>\r\n \t<li>Security Profile: <strong>myantivirus<\/strong><\/li>\r\n<\/ul>\r\n[caption id=\"attachment_222\" align=\"aligncenter\" width=\"849\"]<img class=\"wp-image-221 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-3.jpg\" alt=\"Create a Firewall Policy and assign AntiVirus Profile\" width=\"849\" height=\"691\" \/> Figure 7.12: Create a Firewall Policy and assign AntiVirus Profile[\/caption]<\/li>\r\n \t<li>Go to <strong>Security Profile<\/strong> &gt; <strong>File Filter<\/strong>, Create a new profile:\r\n<ul>\r\n \t<li>Name: <strong>MyFileFilter<\/strong><\/li>\r\n \t<li>Create a New Filter rule\r\n<ul>\r\n \t<li>Name: <strong>Block-PDF-ZIP<\/strong><\/li>\r\n \t<li>Protocols: <strong>HTTP-FTP<\/strong><\/li>\r\n \t<li>File Type: <strong>PDF-ZIP<\/strong><\/li>\r\n \t<li>Action: <strong>Block<\/strong><\/li>\r\n \t<li>Direction: <strong>any<\/strong><\/li>\r\n<\/ul>\r\n<\/li>\r\n<\/ul>\r\n[caption id=\"attachment_222\" align=\"aligncenter\" width=\"1027\"]<img class=\"wp-image-222 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-1.jpg\" alt=\"File Filter profile\" width=\"1027\" height=\"723\" \/> Figure 7.13: File Filter profile[\/caption]\r\n\r\n[caption id=\"attachment_222\" align=\"aligncenter\" width=\"966\"]<img class=\"wp-image-476 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/13-1-1.jpg\" alt=\"\" width=\"966\" height=\"658\" \/> Figure 7.14: Blocking Pdf-Zip[\/caption]\r\n<ul>\r\n \t<li>Set the firewall Policy to <strong>Proxy mode.<\/strong><\/li>\r\n \t<li>Go to <strong>Policy &amp; Objects<\/strong> &gt; <strong>Firewall Policy<\/strong> and assign MyFileFilter to the \u201cPort2-to-Port1\u201d policy. Make sure inspection mode set to proxy-based.<\/li>\r\n<\/ul>\r\n[caption id=\"attachment_477\" align=\"aligncenter\" width=\"851\"]<img class=\"wp-image-477 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/14-1-1.jpg\" alt=\"Assign File Filter profile to Firewall Policy\" width=\"851\" height=\"793\" \/> Figure 7.15: Assign File Filter profile to Firewall Policy[\/caption]<\/li>\r\n \t<li>Go to <a class=\"internal\" href=\"https:\/\/talebi.ca\/wp-content\/uploads\/2021\/11\/prtgdesktop.pdf\">http:\/\/talebi.ca\/wp-content\/uploads\/2021\/11\/prtgdesktop.pdf<\/a>\u00a0and verify your result.\r\n\r\n[caption id=\"attachment_222\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-478 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/15-1-1.jpg\" alt=\"Go to http:\/\/talebi.ca\/wp-content\/uploads\/2021\/11\/prtgdesktop.pdf\u00a0 and verify your result.\" width=\"400\" \/> Figure 7.16: Verify configuration[\/caption]<\/li>\r\n \t<li>Go to <strong>Security Profile<\/strong> &gt; <strong>Intrusion Prevention<\/strong>, create a new profile:\r\n<ul>\r\n \t<li>Name: <strong>MyIPS<\/strong><\/li>\r\n \t<li>Add Signature: <strong>AAEH Botnet, Acuntix Web Vulnerability Scanner, Adobe Flash Player CSRF<\/strong>\r\n\r\n[caption id=\"attachment_480\" align=\"aligncenter\" width=\"910\"]<img class=\"wp-image-480 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/17-2.jpg\" alt=\"Intrusion Prevention Profile\" width=\"910\" height=\"631\" \/> Figure 7.17: Intrusion Prevention Profile[\/caption]<\/li>\r\n<\/ul>\r\n<\/li>\r\n \t<li>Go to <strong>Policy &amp; Objects<\/strong> &gt; <strong>Firewall Policy<\/strong> and assign MyIPS to the \u201cPort2-to-Port1\u201d policy.\r\n\r\n[caption id=\"attachment_481\" align=\"aligncenter\" width=\"818\"]<img class=\"wp-image-481 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/18-2.jpg\" alt=\"Assign IPS profile to Firewall Policy\" width=\"818\" height=\"514\" \/> Figure 7.18: Assign IPS profile to Firewall Policy[\/caption]<\/li>\r\n \t<li>Go to <strong>Security Profile<\/strong> &gt; <strong>DNS Filter<\/strong>, create a new profile:\r\n<ul>\r\n \t<li>Name: <strong>MyDNS<\/strong><\/li>\r\n \t<li>FortiGate Category Based Filter:\r\n<ul>\r\n \t<li>Bandwidth Consuming:<strong> Peer-to-Peer File Sharing<\/strong>: Block, <strong>Internet Radio and TV<\/strong>: Block<\/li>\r\n<\/ul>\r\n<\/li>\r\n<\/ul>\r\n[caption id=\"attachment_231\" align=\"aligncenter\" width=\"752\"]<img class=\"wp-image-484\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/20-2.jpg\" alt=\"Assign DNS Filter Profile to Firewall Policy\" width=\"752\" height=\"451\" \/> Figure 7.19: Assign DNS Filter Profile to Firewall Policy[\/caption]\r\n\r\nYou can verify your configuration by visiting <strong>http:\/\/talebi.ca<\/strong>.\r\n\r\n[caption id=\"attachment_231\" align=\"aligncenter\" width=\"1227\"]<img class=\"wp-image-485 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/21-1.jpg\" alt=\"Verify configuration\" width=\"1227\" height=\"471\" \/> Figure 7.20: Verify configuration[\/caption]\r\n\r\nVerify your <strong>Log &amp; Report<\/strong> &gt; <strong>DNS Query<\/strong>.\r\n\r\n[caption id=\"attachment_231\" align=\"alignnone\" width=\"1258\"]<img class=\"wp-image-231 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/22.jpg\" alt=\"\" width=\"1258\" height=\"535\" \/> <span style=\"background-color: #ffff00\">Figure 7.21: Verify DNS query<\/span>[\/caption]<\/li>\r\n<\/ol>","rendered":"<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n<li class=\"hanging-indent\">Configure a Security Profile<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to become familiar with different types of Security Profile such as AntiVirus, File Filter, IPS and DNS Filter. WebTerm2 acts as a local computer and we set a Security Profile on traffic passing from Port2 to Port1.<\/div>\n<figure id=\"attachment_222\" aria-describedby=\"caption-attachment-222\" style=\"width: 1207px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-209 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/04\/1.jpg\" alt=\"Security Profile main scenario\" width=\"1207\" height=\"504\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1.jpg 1207w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-300x125.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-1024x428.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-768x321.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-65x27.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-225x94.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-350x146.jpg 350w\" sizes=\"auto, (max-width: 1207px) 100vw, 1207px\" \/><figcaption id=\"caption-attachment-222\" class=\"wp-caption-text\">Figure 7.9: Main scenario<\/figcaption><\/figure>\n<div class=\"textbox shaded\"><span style=\"background-color: #ffff00\"><strong>Note<\/strong>: From version 7.4, inspection mode by default is disabled. You can continue security profile features without this option.<\/span><\/div>\n<div class=\"mceTemp\"><\/div>\n<ol>\n<li>We will continue the previous scenario and set up a DHCP server on port2.<br \/>\n<figure id=\"attachment_219\" aria-describedby=\"caption-attachment-219\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-219\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/04\/9-4.jpg\" alt=\"set up a DHCP server on port2\" width=\"500\" height=\"335\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/9-4.jpg 677w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/9-4-300x201.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/9-4-65x43.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/9-4-225x151.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/9-4-350x234.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-219\" class=\"wp-caption-text\">Figure 7.10: Enable DHCP Server on port2<\/figcaption><\/figure>\n<\/li>\n<li>Go to <strong>security profile<\/strong> &gt; <strong>Anti-Virus<\/strong>, create a new profile:\n<ul>\n<li>Name: <strong>myantivirus<\/strong><\/li>\n<li>Scan Mode: <strong>full<\/strong><\/li>\n<li>Inspection Protocol: <strong>HTTP, SMTP, IMAP, POP3, FTP<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_222\" aria-describedby=\"caption-attachment-222\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-220 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-3.jpg\" alt=\"AntiVirus Profile\" width=\"1051\" height=\"792\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-3.jpg 1051w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-3-300x226.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-3-1024x772.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-3-768x579.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-3-65x49.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-3-225x170.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-3-350x264.jpg 350w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-222\" class=\"wp-caption-text\">Figure 7.11: AntiVirus Profile<\/figcaption><\/figure>\n<\/li>\n<li>Create a Firewall policy:\n<ul>\n<li>Name: <strong>Port2-to-Port1<\/strong><\/li>\n<li><span style=\"background-color: #ffff00\">Incoming Interface: <strong>port2<\/strong><\/span><\/li>\n<li>Outgoing interface: <strong>port1<\/strong><\/li>\n<li>Source, Destination, Service: <strong>all<\/strong><\/li>\n<li>Security Profile: <strong>myantivirus<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_222\" aria-describedby=\"caption-attachment-222\" style=\"width: 849px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-221 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-3.jpg\" alt=\"Create a Firewall Policy and assign AntiVirus Profile\" width=\"849\" height=\"691\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-3.jpg 849w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-3-300x244.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-3-768x625.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-3-65x53.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-3-225x183.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-3-350x285.jpg 350w\" sizes=\"auto, (max-width: 849px) 100vw, 849px\" \/><figcaption id=\"caption-attachment-222\" class=\"wp-caption-text\">Figure 7.12: Create a Firewall Policy and assign AntiVirus Profile<\/figcaption><\/figure>\n<\/li>\n<li>Go to <strong>Security Profile<\/strong> &gt; <strong>File Filter<\/strong>, Create a new profile:\n<ul>\n<li>Name: <strong>MyFileFilter<\/strong><\/li>\n<li>Create a New Filter rule\n<ul>\n<li>Name: <strong>Block-PDF-ZIP<\/strong><\/li>\n<li>Protocols: <strong>HTTP-FTP<\/strong><\/li>\n<li>File Type: <strong>PDF-ZIP<\/strong><\/li>\n<li>Action: <strong>Block<\/strong><\/li>\n<li>Direction: <strong>any<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<figure id=\"attachment_222\" aria-describedby=\"caption-attachment-222\" style=\"width: 1027px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-222 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-1.jpg\" alt=\"File Filter profile\" width=\"1027\" height=\"723\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-1.jpg 1027w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-1-300x211.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-1-1024x721.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-1-768x541.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-1-65x46.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-1-225x158.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-1-350x246.jpg 350w\" sizes=\"auto, (max-width: 1027px) 100vw, 1027px\" \/><figcaption id=\"caption-attachment-222\" class=\"wp-caption-text\">Figure 7.13: File Filter profile<\/figcaption><\/figure>\n<figure id=\"attachment_222\" aria-describedby=\"caption-attachment-222\" style=\"width: 966px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-476 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/13-1-1.jpg\" alt=\"\" width=\"966\" height=\"658\" \/><figcaption id=\"caption-attachment-222\" class=\"wp-caption-text\">Figure 7.14: Blocking Pdf-Zip<\/figcaption><\/figure>\n<ul>\n<li>Set the firewall Policy to <strong>Proxy mode.<\/strong><\/li>\n<li>Go to <strong>Policy &amp; Objects<\/strong> &gt; <strong>Firewall Policy<\/strong> and assign MyFileFilter to the \u201cPort2-to-Port1\u201d policy. Make sure inspection mode set to proxy-based.<\/li>\n<\/ul>\n<figure id=\"attachment_477\" aria-describedby=\"caption-attachment-477\" style=\"width: 851px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-477 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/14-1-1.jpg\" alt=\"Assign File Filter profile to Firewall Policy\" width=\"851\" height=\"793\" \/><figcaption id=\"caption-attachment-477\" class=\"wp-caption-text\">Figure 7.15: Assign File Filter profile to Firewall Policy<\/figcaption><\/figure>\n<\/li>\n<li>Go to <a class=\"internal\" href=\"https:\/\/talebi.ca\/wp-content\/uploads\/2021\/11\/prtgdesktop.pdf\">http:\/\/talebi.ca\/wp-content\/uploads\/2021\/11\/prtgdesktop.pdf<\/a>\u00a0and verify your result.<br \/>\n<figure id=\"attachment_222\" aria-describedby=\"caption-attachment-222\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-478 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/15-1-1.jpg\" alt=\"Go to http:\/\/talebi.ca\/wp-content\/uploads\/2021\/11\/prtgdesktop.pdf\u00a0 and verify your result.\" width=\"400\" \/><figcaption id=\"caption-attachment-222\" class=\"wp-caption-text\">Figure 7.16: Verify configuration<\/figcaption><\/figure>\n<\/li>\n<li>Go to <strong>Security Profile<\/strong> &gt; <strong>Intrusion Prevention<\/strong>, create a new profile:\n<ul>\n<li>Name: <strong>MyIPS<\/strong><\/li>\n<li>Add Signature: <strong>AAEH Botnet, Acuntix Web Vulnerability Scanner, Adobe Flash Player CSRF<\/strong><br \/>\n<figure id=\"attachment_480\" aria-describedby=\"caption-attachment-480\" style=\"width: 910px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-480 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/17-2.jpg\" alt=\"Intrusion Prevention Profile\" width=\"910\" height=\"631\" \/><figcaption id=\"caption-attachment-480\" class=\"wp-caption-text\">Figure 7.17: Intrusion Prevention Profile<\/figcaption><\/figure>\n<\/li>\n<\/ul>\n<\/li>\n<li>Go to <strong>Policy &amp; Objects<\/strong> &gt; <strong>Firewall Policy<\/strong> and assign MyIPS to the \u201cPort2-to-Port1\u201d policy.<br \/>\n<figure id=\"attachment_481\" aria-describedby=\"caption-attachment-481\" style=\"width: 818px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-481 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/18-2.jpg\" alt=\"Assign IPS profile to Firewall Policy\" width=\"818\" height=\"514\" \/><figcaption id=\"caption-attachment-481\" class=\"wp-caption-text\">Figure 7.18: Assign IPS profile to Firewall Policy<\/figcaption><\/figure>\n<\/li>\n<li>Go to <strong>Security Profile<\/strong> &gt; <strong>DNS Filter<\/strong>, create a new profile:\n<ul>\n<li>Name: <strong>MyDNS<\/strong><\/li>\n<li>FortiGate Category Based Filter:\n<ul>\n<li>Bandwidth Consuming:<strong> Peer-to-Peer File Sharing<\/strong>: Block, <strong>Internet Radio and TV<\/strong>: Block<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<figure id=\"attachment_231\" aria-describedby=\"caption-attachment-231\" style=\"width: 752px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-484\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/20-2.jpg\" alt=\"Assign DNS Filter Profile to Firewall Policy\" width=\"752\" height=\"451\" \/><figcaption id=\"caption-attachment-231\" class=\"wp-caption-text\">Figure 7.19: Assign DNS Filter Profile to Firewall Policy<\/figcaption><\/figure>\n<p>You can verify your configuration by visiting <strong>http:\/\/talebi.ca<\/strong>.<\/p>\n<figure id=\"attachment_231\" aria-describedby=\"caption-attachment-231\" style=\"width: 1227px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-485 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/21-1.jpg\" alt=\"Verify configuration\" width=\"1227\" height=\"471\" \/><figcaption id=\"caption-attachment-231\" class=\"wp-caption-text\">Figure 7.20: Verify configuration<\/figcaption><\/figure>\n<p>Verify your <strong>Log &amp; Report<\/strong> &gt; <strong>DNS Query<\/strong>.<\/p>\n<figure id=\"attachment_231\" aria-describedby=\"caption-attachment-231\" style=\"width: 1258px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-231 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/22.jpg\" alt=\"\" width=\"1258\" height=\"535\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/22.jpg 1258w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/22-300x128.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/22-1024x435.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/22-768x327.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/22-65x28.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/22-225x96.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/22-350x149.jpg 350w\" sizes=\"auto, (max-width: 1258px) 100vw, 1258px\" \/><figcaption id=\"caption-attachment-231\" class=\"wp-caption-text\"><span style=\"background-color: #ffff00\">Figure 7.21: Verify DNS query<\/span><\/figcaption><\/figure>\n<\/li>\n<\/ol>\n","protected":false},"author":1562,"menu_order":2,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-232","chapter","type-chapter","status-publish","hentry"],"part":208,"_links":{"self":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/users\/1562"}],"version-history":[{"count":19,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/232\/revisions"}],"predecessor-version":[{"id":1151,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/232\/revisions\/1151"}],"part":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/parts\/208"}],"metadata":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/232\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/media?parent=232"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapter-type?post=232"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/contributor?post=232"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/license?post=232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}