FortiGate Report
Hostname: "FG3600-Internet"
FortiGate FG3600
1. System Configuration
FortiGate is configured in Route/NAT mode.
Network overview (from the topology diagram):
upstream gateway: 202.22.22.1
external: 202.22.22.22 255.255.255.192
port1: pppoe
port2: 10.10.10.1 255.255.255.0
port3: 192.168.210.100 255.255.255.0
port4: 192.168.220.100 255.255.255.0
internal: 192.168.10.99 255.255.255.0
1.1 Status
Parameter | Key
Host Name | FG3600-Internet
Operation Mode | Route/NAT
Nov 2005
1.2 Network
1.2.1 Interface
Name | IP - Netmask
external | 202.22.22.22 255.255.255.192
internal | 192.168.10.99 255.255.255.0
port1 | pppoe
port2 | 10.10.10.1 255.255.255.0
port3 | 192.168.210.100 255.255.255.0
port4 | 192.168.220.100 255.255.255.0
Access (values in listed order; interface assignment not shown): ping https ssh; ping; ping
Ping Server: 202.11.11.11; 80.11.11.11
MTU: (not shown)
Log: enable; enable
PPPoE (port1): user@testisp.ch; 1; 1; 20; enable; enable
1.2.2 DNS
Primary DNS Server: 195.186.1.121
Secondary DNS Server: 195.186.4.121
1.3 DHCP
1.3.1 Service
Interface | Service
external | NONE
internal | DHCP Server
port1 | NONE
port2 | NONE
port3 | NONE
port4 | NONE
DHCP Server (internal)
Name: "internal_dhcp_server"
Domain: (not shown)
Default Gateway: 192.168.10.99
IP Range / Network Mask: 192.168.10.210-192.168.10.220 / 255.255.255.0
Lease Time: 7 days, 0 hours, 0 minutes
DNS Server: 192.168.10.99
WINS Server: (not shown)
Options: (not shown)
1.4 Config
1.4.1 Time
Timezone: (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Set Time: Synchronize with NTP Server
Sync Interval: 60 min
NTP Server: 132.246.168.148
1.4.2 Options
Parameter | Key
Idle Timeout | 20
Auth Timeout | 30
Web Administration - Language | english
LCD Panel | enable (XXXXXX)
Dead Gateway Detection | Detection Interval: 5 (seconds); Fail-over Detection: 5 (lost consecutive pings)
client filesize
client banned word
FTP: virus message; blocked message; oversized message
Alert Mail: test message; virus message; block message; intrusion message; critical event message; disk full message
Message texts:
"Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"."
"Potentially Dangerous Attachment Removed. The file \"%%FILE%%\" has been blocked. File quarantined as: \"%%QUARFILENAME%%\"."
"This email has been blocked. The email message is larger than the configured file size limit."
"Fragmented emails are blocked."
"The file %%FILE%% has been infected with the virus %%VIRUS%% File quarantined as %%QUARFILENAME%%"
"The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%"
"This message is larger than the configured limit and has been blocked."
FTP virus message: "Transfer failed. The file %%FILE%% is infected with the virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%."
FTP blocked message: "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"."
FTP oversized message: "File size limit exceeded."
Spam
Email IP: "Mail from this IP address is not allowed and has been blocked."
RBL/ORDBL message: "This message has been blocked because it is from a RBL/ORDBL IP address."
HELO/EHLO domain: "This message has been blocked because the HELO/EHLO domain is invalid"
Email address: "Mail from this email address is not allowed and has been blocked."
Mime header: "This message has been blocked because it contains an invalid header."
Returned email domain: "This message has been blocked because the return email domain is invalid."
Banned word: "This message has been blocked because it contains a banned word."
FortiShield URL block: (not shown)
Category Block: (not shown)
URL block message: (not shown)
1.5 Admin
1.5.1 Administrators
Administrator | Permission
admin | prof_admin
monitor | read
Trusted Host #1: 192.168.10.0 255.255.255.0 (Trusted Host #2 and #3 not shown)
Profile "prof_admin"
Access Control; System Configuration; Log & Report; Security Policy; Auth Users; Admin Users; FortiProtect Update; System Shutdown
Read: yes yes yes yes yes yes yes
Write: yes yes yes yes yes yes yes
Profile "read"
Access Control; System Configuration; Log & Report; Security Policy; Auth Users; Admin Users; FortiProtect Update; System Shutdown
Read: yes yes yes yes yes yes yes
Write: (none)
Key (parameter labels not shown): No; Yes; Yes - every - 1:15
2. Router
2.1 Static Routes
# | Destination IP / Mask | Gateway | Device | Distance
1 | 0.0.0.0 0.0.0.0 | 202.22.22.1 | external | 10
2 | 10.10.11.0 255.255.255.0 | 10.10.10.250 | port2 | 10
3 | 10.10.12.0 255.255.255.0 | 10.10.10.111 | port2 | 10
2.2 RIP
2.2.1 General
Parameter | Value
RIP Version | 1
Default Metric | 1
Default-information-originate | disable
RIP Timers | Update 30 (seconds); Timeout 180 (seconds)
Redistribute | Connected: disabled; Static: disabled
3. Firewall
3.1 Policy Overview
3.1.1 external -> port2
ID | Source | Destination | Schedule | Service | Action | NAT | Protection Profile | Log | Status
11 | pptp-range | DMZ_All | always | ANY | accept | enable | | enable | enable
8 | all | VIP_WebServer | always | http | accept | | strict | disable | enable
9 | all | VIP_SMTP_Server | always | smtp | accept | | strict | disable | enable
Policy group (interface pair not shown)
ID | Source | Destination | Schedule | Service | Action | NAT / VPN Tunnel | Protection Profile | Log | Status
(not shown) | Internal_Net | FG60_2_LAN | always | ANY | encrypt | Tu-Geneve | scan | disable | enable
15 | Internal_Net | MUVPN-1 | always | RDP | encrypt | Mobile-T1 | | disable | enable
16 | Internal_Net | MUVPN-2 | always | ANY | encrypt | Mobile-T2 | scan | disable | enable
7 | all | all | always | DNS | accept | NAT enable | | disable | enable
13 | Internal_Net | all | Operational Hours | InternetService | accept | NAT enable | scan | enable | enable
Policy group (interface pair not shown)
ID | Source | Destination | Schedule | Service | Action | NAT | Protection Profile | Log | Status
(not shown) | all | all | always | DNS | accept | enable | | disable | enable
(not shown) | Internal_Net | all | Operational Hours | InternetService | accept | enable | | enable | enable
Policy group (interface pair not shown)
ID | Source | Destination | Schedule | Service | Action | NAT | Protection Profile | Log | Status
(not shown) | Internal_Net | DMZ_All | always | ANY | accept | | scan | disable | enable
Policy group (interface pair not shown)
ID | Source | Destination | Schedule | Service | Action | NAT | Protection Profile | Log | Status
(not shown) | DMZ_All | all | always | ANY | accept | enable | scan | enable | enable
Addresses (address names not shown on this page)
Type | IP
Subnet | 0.0.0.0 0.0.0.0
Subnet | 10.10.11.0 255.255.255.0
Subnet | 10.10.12.0 255.255.255.0
Subnet | 10.10.10.0 255.255.255.0
Subnet | 192.168.20.0 255.255.255.0
Subnet | 192.168.10.0 255.255.255.0
IP | 192.168.10.240
IP | 192.168.10.241
Range | 192.168.10.110 - 192.168.10.112
IP | (not shown)
3.3.2 Address-Groups
Group Name | Member
DMZ_All | "DMZ_net" "DMZ_11" "DMZ_12"
3.4 Services
3.4.1 Custom Services
Service Name | Detail
ICA | TCP / 1-65535 : 1494-1494
Radius-1 | UDP / 1-65535 : 1645-1645
Radius-2 | UDP / 1-65535 : 1812-1812
RDP | TCP / 1-65535 : 3389-3389
Service groups (group names not shown)
Members: "FTP" "HTTP" "HTTPS" "NNTP" "POP3"
Members: "Radius-1" "Radius-2"
3.5 Schedule
3.5.1 Recurring Schedules
Name | Day | Start | Stop
always | sunday monday tuesday wednesday thursday friday saturday | 00:00 | 00:00
Operational Hours | monday tuesday wednesday thursday friday | 08:30 | 18:00
3.6 Virtual IP
Name | IP | Type | Service Port | Map to IP | Map to Port
VIP_SMTP_Server | external / 202.22.22.34 | Port Forwarding | tcp / 25 | 10.10.10.11 | tcp / 25
VIP_WebServer | external / 202.22.22.35 | Port Forwarding | tcp / 80 | 10.10.10.10 | tcp / 80
3.7.1 "scan"
Anti-Virus (HTTP / FTP / IMAP / POP3 / SMTP; option labels not shown on this page): extracted values enable (x7), block, disable, block, pass (x3)
Web Filtering (HTTP): Web Content Block; Web URL Block; Web Exempt List; Web Script Filter; Web Resume Download Block (values not shown)
Spam Filtering (IMAP / POP3 / SMTP): IP address FortiGuard - AntiSpam check; URL FortiGuard - AntiSpam check; IP address BWL check; RBL & ORDBL check; HELO DNS lookup; E-mail address BWL check; Return e-mail DNS check; MIME headers check; Banned word check
IMAP: enable; POP3: enable; SMTP: enable
Protocol | Spam Action | Append to | Append with
IMAP | tag | subject | Spam
POP3 | tag | subject | Spam
SMTP | tag | MIME | Spam:
IPS: IPS Signature; IPS Anomaly (Value not shown)
Content/Archive Log: Display content meta-information on dashboard: HTTP enable; Archive content meta-information to FortiLog: FTP enable
3.7.2 "strict"
Anti-Virus (HTTP / FTP / IMAP / POP3 / SMTP): Splice; Virus Scan; File Block; Pass Fragmented Emails; Buffer to Disk; Oversized File/Email
Oversized File/Email: block (HTTP, FTP, IMAP, POP3, SMTP)
Other Anti-Virus options, extracted values: enable (x12), disable (x1)
Web Filtering (HTTP): Web Content Block; Web URL Block; Web Exempt List; Web Script Filter; Web Resume Download Block: enable (x9 extracted)
Spam Filtering (IMAP / POP3 / SMTP): IP address FortiGuard - AntiSpam check; URL FortiGuard - AntiSpam check; IP address BWL check; RBL & ORDBL check; HELO DNS lookup; E-mail address BWL check; Return e-mail DNS check; MIME headers check; Banned word check: enable (x18 extracted)
Protocol | Spam Action | Append to | Append with
IMAP | tag | subject | Spam
POP3 | tag | MIME | Spam: abc
SMTP | discard | |
IPS: IPS Signature; IPS Anomaly (Value not shown)
Content/Archive Log: Display content meta-information on dashboard: HTTP enable; Archive content meta-information to FortiLog: FTP enable; SMTP enable
4. User
4.1 Local User
User Name | Type | Status
admin-user | Local | (not shown)
user | Local | (not shown)
4.2 Radius
Name | Server Name/IP
OTP_Server | 192.168.10.54
4.3 LDAP
Name | Server Name/IP | Port
intern_LDAP | 192.168.10.55 | 389
User groups (group names not shown)
Members | Protection Profile
"admin-user" | scan
"OTP_Server" "intern_LDAP" | strict
5. VPN
5.1 IPSec
5.1.1 Phase 1
Gateway Name: Branch_Geneve
Remote Gateway: Static/30.30.30.30
Mode: main
P1 Proposal (Encr./Auth. Algorithm): aes256-sha1
DH Group: 5
Keylife: 28800
XAuth: disable
Nat-traversal: enable
Keepalive Frequency: (not shown)
Dead Peer Detection: (not shown)
Gateway Name: Mobile-U1
Remote Gateway: Dialup
Mode: aggressive
P1 Proposal (Encr./Auth. Algorithm): 3des-sha1
DH Group: 5
Keylife: 28800
XAuth: Enable as Server (mixed); Usergroup: "user-group"
Nat-traversal: enable
Keepalive Frequency: (not shown)
Dead Peer Detection: (not shown)
Peer Options: Accept any peer ID: enable
Gateway Name: Mobile-U2
Remote Gateway: Dialup
Mode: aggressive
P1 Proposal (Encr./Auth. Algorithm): aes192-sha1
DH Group: 5
Keylife: 28800
XAuth: Enable as Server (mixed); Usergroup: "user-group"
Nat-traversal: enable
Keepalive Frequency: (not shown)
Dead Peer Detection: (not shown)
5.1.2 Phase 2
Tunnel Name | Remote Gateway | Encr./Auth. Algorithm | DH group
Mobile-T1 | "Mobile-U1" | aes256-sha1 | 5
Mobile-T2 | "Mobile-U2" | (not shown) | 5
Tu-Geneve | "Branch_Geneve" | aes192-sha1 3des-sha1 | 5
Per tunnel (labels partly not shown): enable; enable; 1800 (Seconds); disable; Concentrator: None; Use selectors from policy
5.2 PPTP
Status: Enable
Starting IP: 192.168.10.110
Ending IP: 192.168.10.112
User Group: admin-group
5.3 L2TP
Status: Disable
Starting IP: (not shown)
Ending IP: (not shown)
User Group: (not shown)
6. Anti-Virus
6.1 File Block
Pattern
*.bat
*.com
*.dll
*.doc
*.exe
*.gz
*.hta
*.pif
*.ppt
*.rar
*.scr
*.tar
*.tgz
*.vb?
*.wps
*.xl?
*.zip
Per-protocol status (HTTP, FTP, IMAP, POP3, SMTP): enable (70 extracted values, all enable)
6.2 Config
6.2.1 Oversize Threshold Configuration
Protocol | Ports
HTTP | 80
FTP | 21
IMAP | 143
POP3 | 110
SMTP | 25
6.2.2 Grayware
Category | Status
Adware | enable
BHO | enable
Dial | enable
Download | enable
Game | enable
HackerTool | enable
Hijacker | enable
Joke | enable
Keylog | enable
Misc | enable
NMT | enable
P2P | enable
Plugin | enable
RAT | enable
Spy | enable
Toolbar | enable
7. Web Filter
7.1 Category Block Configuration
Options | Status
FortiGuard Service | enable
Cache | enable
(log target not shown): disabled
WebTrends: disabled
Disk: enabled
Maximum size of log file: 100 MB
Roll log time: 0:0:0 (hh:mm:ss)
Roll Log Frequency: 24 hour
Roll log day: sunday
Roll log policy: overwrite
Level: information
(log target not shown): disabled
Memory: disabled
Fortilog: enabled
Name/IP: 194.191.86.36
Level: information
Encrypt: (not shown)
Local ID: (not shown)
Columns: WebTrends | Disk | Memory | Fortilog
Traffic Log: Policy allowed traffic; Policy violation traffic: enable (x6 extracted)
Event Log: System Activity event; IPSec negotiation event; DHCP service event; L2TP/PPTP/PPPoE service event; Admin event; HA activity event; Firewall authentication event; Pattern update event: enable (x18 extracted)
Anti-virus Log: Virus infected; Filename blocked; File oversized: enable (x8 extracted)
Alert E-mail: enable (x17 extracted)