
Fortinet Configuration Report

Hostname: "FG3600-Internet"

This is an example documentation made with AUTODOC.


For more information please visit www.autodoc.ch

FortiGate FG3600

Firmware Version 2.80 build489 build date 051027


Report printed on SCSY-2 at 11/28/05 18:09:22 with autoDOC Version 6.10

Firewall Report for Customer XYZ

1. System Configuration
Fortigate is configured in Route/NAT mode.

[Network diagram labels: 202.22.22.1; 202.22.22.22 255.255.255.192; port1: pppoe; port2: 10.10.10.1 255.255.255.0; port3: 192.168.210.100 255.255.255.0; port4: 192.168.220.100 255.255.255.0; 192.168.10.99 255.255.255.0]

1.1 Status
| Parameter | Key |
|---|---|
| Host Name | FG3600-Internet |
| Operation Mode | Route/NAT |

1.2 Network
1.2.1 Interface
| Name | IP - Netmask |
|---|---|
| external | 202.22.22.22 255.255.255.192 |
| internal | 192.168.10.99 255.255.255.0 |
| port1 | pppoe |
| port2 | 10.10.10.1 255.255.255.0 |
| port3 | 192.168.210.100 255.255.255.0 |
| port4 | 192.168.220.100 255.255.255.0 |

Nov 2005

Access
ping https ssh
ping
ping

Ping Server
202.11.11.11
80.11.11.11

MTU

Log
enable
enable


1.2.1.1 Configuration on Interface "port1"

Addressing Mode
User
Unnumbered IP
Initial Disc Timeout
Initial PADT Timeout
Distance
Retrieve default gateway from server
Override internal DNS
Connect to Server

PPPoE
user@testisp.ch
1
1
20
enable
enable

1.2.2 DNS
| DNS Server | IP |
|---|---|
| Primary | 195.186.1.121 |
| Secondary | 195.186.4.121 |

1.3 DHCP
1.3.1 Service
Interface
external
internal

Service
NONE
DHCP Server
Name
Domain
Default Gateway
IP Range / Network Mask
Lease Time
DNS Server
WINS Server
Options

port1
port2
port3
port4

"internal_dhcp_server"
192.168.10.99
192.168.10.210-192.168.10.220 / 255.255.255.0
7 days, 0 hours, 0 minutes
192.168.10.99

NONE
NONE
NONE
NONE

1.4 Config
1.4.1 Time
Timezone
(GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

Adjust for Daylight Saving Changes


enable

Set Time
Synchronize with NTP Server

Syn Interval
60 min


NTP Server
132.246.168.148


1.4.2 Options
| Parameter | Key |
|---|---|
| Idle Timeout | 20 |
| Auth Timeout | 30 |
| Web Administration - Language | english |
| LCD Panel | enable (XXXXXX) |
| Dead Gateway Detection | Detection Interval: 5 (seconds); Fail-over Detection: 5 (lost consecutive pings) |


1.4.3 Replacement Messages


Mail
virus message: "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"."
file block message: "Potentially Dangerous Attachment Removed. The file \"%%FILE%%\" has been blocked. File quarantined as: \"%%QUARFILENAME%%\"."
oversized file message: "This email has been blocked. The email message is larger than the configured file size limit."
fragmented email: "Fragmented emails are blocked."
virus message (splice mode): "The file %%FILE%% has been infected with the virus %%VIRUS%% File quarantined as %%QUARFILENAME%%"
file block message (splice mode): "The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%"
oversized file message (splice mode): "This message is larger than the configured limit and has been blocked."

HTTP
virus message: "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to download the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\". </p><p>URL = http://%%URL%%</p><p>File quarantined as: %%QUARFILENAME%%.</p></BODY></HTML>"
file block message: "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to download the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY> </HTML>"
oversized file message: "<HTML><BODY> <h2>Attention!!!</h2><p>The file \"%%FILE%%\" has been blocked. The file is larger than the configured file size limit.</p> <p>URL = http://%%URL%%</p> </BODY></HTML>"
banned word message: "<HTML><BODY>The page you requested has been blocked because it contains a banned word. URL = http://%%URL%%</BODY></HTML>"
URL block message: "<HTML><BODY>The URL you requested has been blocked. URL = %%URL%%</BODY></HTML>"
client block: "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to upload the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY> </HTML>"
client anti-virus: "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to upload the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\". </p><p>URL = http://%%URL%%</p><p>File quarantined as: %%QUARFILENAME%%.</p></BODY></HTML>"
client filesize: "<HTML><BODY> <h2>Attention!!!</h2><p>Your request has been blocked. The request is larger than the configured file size limit.</p> <p>URL = http://%%URL%%</p> </BODY></HTML>"
client banned word: "<HTML><BODY>The page you uploaded has been blocked because it contains a banned word. URL = http://%%URL%%</BODY></HTML>"

FTP
virus message: "Transfer failed. The file %%FILE%% is infected with the virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%."
blocked message: "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"."
oversized message: "File size limit exceeded."

Alert Mail
test message:
virus message: "Virus/Worm detected: %%VIRUS%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% "
block message: "File Block Detected: %%FILE%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% "
intrusion message: "The following intrusion was observed: %%NIDS_EVENT%%."
critical event message: "The following critical firewall event was detected: %%CRITICAL_EVENT%%."
disk full message: "The log disk is Full."


Spam
Email IP: "Mail from this IP address is not allowed and has been blocked."
RBL/ORDBL message: "This message has been blocked because it is from a RBL/ORDBL IP address."
HELO/EHLO domain: "This message has been blocked because the HELO/EHLO domain is invalid"
Email address: "Mail from this email address is not allowed and has been blocked."
Mime header: "This message has been blocked because it contains an invalid header."
Returned email domain: "This message has been blocked because the return email domain is invalid."
Banned word: "This message has been blocked because it contains a banned word."

FortiShield URL block
Category Block
URL block message: "<html><head><title>Webfilter Violation</title></head><body><font size=2><table width=\"100%\"><tr><td>%%FORTINET%%</td></tr><tr><td bgcolor=#ff6600 align=\"center\"><font color=#ffffff><b>Web Page Blocked</b></font></td></tr></table><br><br>You have tried to access a web page which is in violation of your internet usage policy.<br><br>URL:&nbsp;%%URL%%<br>Category:&nbsp;%%CATEGORY%%<br><br>To have the rating of this web page re-evaluated please contact your administrator.<br><br><hr><br>Powered by %%SERVICE%%.</font></body></html>"
HTTP error message: "<html><head><title>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</title></head><body><font size=2><table width=\"100%\"><tr><td>%%FORTIGUARD%%</td><td align=\"right\">%%FORTINET%%</td></tr><tr><td bgcolor=#3300cc align=\"center\" colspan=2><font color=#ffffff><b>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</b></font></td></tr></table><br><br>The webserver for %%URL%% reported that an error occurred while trying to access the website. Please click <u><a onclick=\"history.back()\">here</a></u> to return to the previous page.<br><br><hr><br>Powered by %%SERVICE%%.</font></body></html>"

1.5 Admin
1.5.1 Administrators
Administrator
admin
monitor

Permission
prof_admin
read

Trusted Host #1

Trusted Host #2

Trusted Host #3

192.168.10.0 255.255.255.0

1.5.2 Access Profile


"prof_admin"

| Access Control | Read | Write |
|---|---|---|
| System Configuration | yes | yes |
| Log & Report | yes | yes |
| Security Policy | yes | yes |
| Auth Users | yes | yes |
| Admin Users | yes | yes |
| FortiProtect Update | yes | yes |
| System Shutdown | yes | yes |

"read"

| Access Control | Read | Write |
|---|---|---|
| System Configuration | yes | |
| Log & Report | yes | |
| Security Policy | yes | |
| Auth Users | yes | |
| Admin Users | yes | |
| FortiProtect Update | yes | |
| System Shutdown | yes | |


1.6 Update Center


| Parameter | Key |
|---|---|
| Use override Server Address | No |
| Allow Push Update | Yes |
| Scheduled Update | Yes - every - 1:15 |

2. Router
2.1 Static Routes
| # | Destination IP / Mask | Gateway | Device | Distance |
|---|---|---|---|---|
| 1 | 0.0.0.0 0.0.0.0 | 202.22.22.1 | external | 10 |
| 2 | 10.10.11.0 255.255.255.0 | 10.10.10.250 | port2 | 10 |
| 3 | 10.10.12.0 255.255.255.0 | 10.10.10.111 | port2 | 10 |

2.2 RIP
2.2.1 General
| Parameter | Value |
|---|---|
| RIP Version | 1 |
| Default Metric | 1 |
| Default-information-originate | disable |

RIP Timers: Update 30 (seconds); Timeout 180 (seconds); Garbage 120 (seconds)

Redistribute: Connected disabled; Static disabled


3. Firewall
3.1 Policy Overview
3.1.1 external -> port2
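| ID | Source | Destination | Schedule | Service | Action | NAT | Anti-Virus | Log | Status |
|---|---|---|---|---|---|---|---|---|---|
| 11 | pptp-range | DMZ_All | always | ANY | accept | | | enable | enable |
| 8 | all | VIP_WebServer | always | http | accept | | strict | | enable |
| 9 | all | VIP_SMTP_Server | always | smtp | accept | | strict | | enable |

3.1.2 internal -> external

| ID | Source | Destination | Schedule | Service | Action | NAT | Anti-Virus | Log | Status |
|---|---|---|---|---|---|---|---|---|---|
| 14 | Internal_Net | FG60_2_LAN | always | ANY | encrypt | | scan | | enable |
| 15 | Internal_Net | MUVPN-1 | always | RDP | encrypt | | | | enable |
| 16 | Internal_Net | MUVPN-2 | always | ANY | encrypt | | scan | | enable |
| 7 | all | all | always | DNS | accept | enable | | | enable |
| 13 | Internal_Net | all | Operational Hours | InternetService | accept | enable | scan | enable | enable |

3.1.3 internal -> port1

| ID | Source | Destination | Schedule | Service | Action | NAT | Anti-Virus | Log | Status |
|---|---|---|---|---|---|---|---|---|---|
| 12 | all | all | always | DNS | accept | enable | | | enable |
| 4 | Internal_Net | all | Operational Hours | InternetService | accept | enable | | enable | enable |

3.1.4 internal -> port2

| ID | Source | Destination | Schedule | Service | Action | NAT | Anti-Virus | Log | Status |
|---|---|---|---|---|---|---|---|---|---|
| 10 | Internal_Net | DMZ_All | always | ANY | accept | | scan | | enable |

3.1.5 port2 -> external

| ID | Source | Destination | Schedule | Service | Action | NAT | Anti-Virus | Log | Status |
|---|---|---|---|---|---|---|---|---|---|
| 17 | DMZ_All | all | always | ANY | accept | enable | scan | enable | enable |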

3.2 Policy Detail


3.2.1 external -> port2


| ID 11 | | |
|---|---|---|
| Source | pptp-range | Range 192.168.10.110 - 192.168.10.112 |
| Destination | DMZ_All | Address Group: "DMZ_net" "DMZ_11" "DMZ_12" |
| Schedule | always | Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday |
| Service | ANY | Predefined Service |
| Action | accept | |
| Protection Profile | | Not activated |
| Log | enable | |
| Authentication | enable | Usergroups: "admin-group" |

| ID 8 | | |
|---|---|---|
| Source | all | Subnet 0.0.0.0 0.0.0.0 |
| Destination | VIP_WebServer | Port Forwarding (VIP): external/202.22.22.35 (tcp/80) -> 10.10.10.10 (tcp/80) |
| Schedule | always | Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday |
| Service | http | Predefined Service |
| Action | accept | |
| Protection Profile | strict | |
| Log | disable | |

| ID 9 | | |
|---|---|---|
| Source | all | Subnet 0.0.0.0 0.0.0.0 |
| Destination | VIP_SMTP_Server | Port Forwarding (VIP): external/202.22.22.34 (tcp/25) -> 10.10.10.11 (tcp/25) |
| Schedule | always | Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday |
| Service | smtp | Predefined Service |
| Action | accept | |
| Protection Profile | strict | |
| Log | disable | |


3.2.2 internal -> external


| ID 14 | | |
|---|---|---|
| Source | Internal_Net | Subnet 192.168.10.0 255.255.255.0 |
| Destination | FG60_2_LAN | Subnet 192.168.20.0 255.255.255.0 |
| Schedule | always | Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday |
| Service | ANY | Predefined Service |
| Action | encrypt | |
| VPN Tunnel | Tu-Geneve | Allow inbound Allow outbound; |
| Protection Profile | scan | |
| Log | disable | |

| ID 15 | | |
|---|---|---|
| Source | Internal_Net | Subnet 192.168.10.0 255.255.255.0 |
| Destination | MUVPN-1 | IP 192.168.10.240 |
| Schedule | always | Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday |
| Service | RDP | Custom Service: TCP / 1-65535:3389-3389 |
| Action | encrypt | |
| VPN Tunnel | Mobile-T1 | Allow inbound Allow outbound; |
| Protection Profile | | Not activated |
| Log | disable | |

| ID 16 | | |
|---|---|---|
| Source | Internal_Net | Subnet 192.168.10.0 255.255.255.0 |
| Destination | MUVPN-2 | IP 192.168.10.241 |
| Schedule | always | Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday |
| Service | ANY | Predefined Service |
| Action | encrypt | |
| VPN Tunnel | Mobile-T2 | Allow inbound Allow outbound; |
| Protection Profile | scan | |
| Log | disable | |

| ID 7 | | |
|---|---|---|
| Source | all | Subnet 0.0.0.0 0.0.0.0 |
| Destination | all | Subnet 0.0.0.0 0.0.0.0 |
| Schedule | always | Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday |
| Service | DNS | Predefined Service |
| Action | accept | |
| NAT | enable | Dynamic IP Pool: disabled; Fixed Port: disabled |
| Protection Profile | | Not activated |
| Log | disable | |

| ID 13 | | |
|---|---|---|
| Source | Internal_Net | Subnet 192.168.10.0 255.255.255.0 |
| Destination | all | Subnet 0.0.0.0 0.0.0.0 |
| Schedule | Operational Hours | Recurring Schedule: monday tuesday wednesday thursday friday 08:30 18:00 |
| Service | InternetService | Service Group: "FTP" "HTTP" "HTTPS" "NNTP" "POP3" |
| Action | accept | |
| NAT | enable | Dynamic IP Pool: disabled; Fixed Port: disabled |
| Protection Profile | scan | |
| Log | enable | |


3.2.3 internal -> port1


| ID 12 | | |
|---|---|---|
| Source | all | Subnet 0.0.0.0 0.0.0.0 |
| Destination | all | Subnet 0.0.0.0 0.0.0.0 |
| Schedule | always | Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday |
| Service | DNS | Predefined Service |
| Action | accept | |
| NAT | enable | Dynamic IP Pool: disabled; Fixed Port: disabled |
| Protection Profile | | Not activated |
| Log | disable | |

| ID 4 | | |
|---|---|---|
| Source | Internal_Net | Subnet 192.168.10.0 255.255.255.0 |
| Destination | all | Subnet 0.0.0.0 0.0.0.0 |
| Schedule | Operational Hours | Recurring Schedule: monday tuesday wednesday thursday friday 08:30 18:00 |
| Service | InternetService | Service Group: "FTP" "HTTP" "HTTPS" "NNTP" "POP3" |
| Action | accept | |
| NAT | enable | Dynamic IP Pool: disabled; Fixed Port: disabled |
| Protection Profile | | Not activated |
| Log | enable | |
| Authentication | enable | Usergroups: "admin-group" "user-group" |

3.2.4 internal -> port2


| ID 10 | | |
|---|---|---|
| Source | Internal_Net | Subnet 192.168.10.0 255.255.255.0 |
| Destination | DMZ_All | Address Group: "DMZ_net" "DMZ_11" "DMZ_12" |
| Schedule | always | Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday |
| Service | ANY | Predefined Service |
| Action | accept | |
| Protection Profile | scan | |
| Log | disable | |

3.2.5 port2 -> external


| ID 17 | | |
|---|---|---|
| Source | DMZ_All | Address Group: "DMZ_net" "DMZ_11" "DMZ_12" |
| Destination | all | Subnet 0.0.0.0 0.0.0.0 |
| Schedule | always | Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday |
| Service | ANY | Predefined Service |
| Action | accept | |
| NAT | enable | Dynamic IP Pool: disabled; Fixed Port: disabled |
| Protection Profile | scan | |
| Log | enable | |


3.3 Addresses & Groups


3.3.1 Address
| Address Name | Type | IP |
|---|---|---|
| all | Subnet | 0.0.0.0 0.0.0.0 |
| DMZ_11 | Subnet | 10.10.11.0 255.255.255.0 |
| DMZ_12 | Subnet | 10.10.12.0 255.255.255.0 |
| DMZ_net | Subnet | 10.10.10.0 255.255.255.0 |
| FG60_2_LAN | Subnet | 192.168.20.0 255.255.255.0 |
| Internal_Net | Subnet | 192.168.10.0 255.255.255.0 |
| MUVPN-1 | IP | 192.168.10.240 |
| MUVPN-2 | IP | 192.168.10.241 |
| pptp-range | Range | 192.168.10.110 - 192.168.10.112 |

3.3.2 Address-Groups
| Group Name | Member |
|---|---|
| DMZ_All | "DMZ_net" "DMZ_11" "DMZ_12" |

3.4 Services
3.4.1 Custom Services
| Service Name | Detail |
|---|---|
| ICA | TCP / 1-65535 : 1494-1494 |
| Radius-1 | UDP / 1-65535 : 1645-1645 |
| Radius-2 | UDP / 1-65535 : 1812-1812 |
| RDP | TCP / 1-65535 : 3389-3389 |

3.4.2 Service Group


| Group Name | Members |
|---|---|
| InternetService | "FTP" "HTTP" "HTTPS" "NNTP" "POP3" |
| Radius-Services | "Radius-1" "Radius-2" |

3.5 Schedule
3.5.1 Recurring Schedules
| Name | Day | Start | Stop |
|---|---|---|---|
| always | sunday monday tuesday wednesday thursday friday saturday | 00:00 | 00:00 |
| Operational Hours | monday tuesday wednesday thursday friday | 08:30 | 18:00 |

3.6 Virtual IP

| Name | IP | Service Port | Type | Map to IP | Map to Port |
|---|---|---|---|---|---|
| VIP_SMTP_Server | external / 202.22.22.34 | tcp / 25 | Port Forwarding | 10.10.10.11 | tcp / 25 |
| VIP_WebServer | external / 202.22.22.35 | tcp / 80 | Port Forwarding | 10.10.10.10 | tcp / 80 |


3.7 Protection Profile


3.7.1 "scan"
Anti-Virus
Splice
Virus Scan
File Block
Pass Fragmented Emails
Buffer to Disk
Oversized File/Email

HTTP

IMAP

POP3

enable

FTP
enable
enable

enable

enable

SMTP
enable
enable

Add signature to outgoing emails

block
disable

block

pass

pass

pass

Web Filtering
Web Content Block
Web URL Block
Web Exempt List
Web Script Filter
Web Resume Download Block

HTTP

Web Category Filtering


Enable category block
Block unrated websites
Details for blocked HTTP 4xx and 5xx errors
Rate images by URL
Allow websites when a rating error occurs

HTTP

IMAP

POP3

SMTP

tag
subject
Spam

tag
subject
Spam

tag
MIME
Spam:

IMAP
enable

POP3
enable

SMTP
enable

Spam Filtering
IP address FortiGuard - AntiSpam check
URL FortiGuard - AntiSpam check
IP address BWL check
RBL & ORDBL check
HELO DNS lookup
E-mail address BWL check
Return e-mail DNS check
MIME headers check
Banned word check
Spam Action
Append to:
Append with:
IPS
IPS Signature
IPS Anomaly

Value

Content/Archive Log
Display content meta-information on
dashboard
Archive
content meta-information to FortiLog

HTTP
enable


FTP
enable


3.7.2 "strict"
Anti-Virus
Splice
Virus Scan
File Block
Pass Fragmented Emails
Buffer to Disk
Oversized File/Email

HTTP

IMAP

POP3

enable
enable

FTP
enable
enable
enable

enable
enable

enable
enable

SMTP
enable
enable
enable

block

block

block

block

block

Add signature to outgoing emails

disable

Web Filtering
Web Content Block
Web URL Block
Web Exempt List
Web Script Filter
Web Resume Download Block

HTTP
enable
enable
enable
enable

Web Category Filtering


Enable category block
Block unrated websites
Details for blocked HTTP 4xx and 5xx errors
Rate images by URL
Allow websites when a rating error occurs

HTTP
enable
enable
enable
enable
enable
IMAP

POP3

SMTP

Spam Filtering
IP address FortiGuard - AntiSpam check
URL FortiGuard - AntiSpam check
IP address BWL check
RBL & ORDBL check
HELO DNS lookup
E-mail address BWL check
Return e-mail DNS check
MIME headers check
Banned word check
Spam Action
Append to:
Append with:
IPS
IPS Signature
IPS Anomaly

Value

Content/Archive Log
Display content meta-information on
dashboard
Archive
content meta-information to FortiLog

HTTP
enable


enable
enable
enable
enable
tag
subject
Spam

enable
enable
enable
enable
tag
MIME
Spam: abc

IMAP
enable

POP3
enable

enable
enable
enable
enable
enable
enable
enable
discard

enable
FTP
enable

SMTP
enable


4. User
4.1 Local User
| User Name | Type | Status |
|---|---|---|
| admin-user | Local | |
| user | Local | |

4.2 Radius
| Name | Server Name/IP |
|---|---|
| OTP_Server | 192.168.10.54 |

4.3 LDAP
| Name | Server Name/IP | Port | Common Name Identifier | Distinguished Name |
|---|---|---|---|---|
| intern_LDAP | 192.168.10.55 | 389 | cn | |

4.4 User Group


| Group Name | Members | Protection Profile |
|---|---|---|
| admin-group | "admin-user" | scan |
| user-group | "OTP_Server" "intern_LDAP" | strict |


5. VPN
5.1 IPSec
5.1.1 Phase 1
Gateway Name
Branch_Geneve

Remote Gateway
Static/30.30.30.30

Mode
main

P1 Proposal

DH Group
Keylife
disable
enable

XAuth
Nat-traversal
Keepalive Frequency
Dead Peer Detection

Mobile-U1

Dialup

aggressive

5
28800

aes256-sha1

DH Group
Keylife
Enable as Server
Usergroup:
enable

XAuth
Nat-traversal
Keepalive Frequency
Dead Peer Detection

Dialup

Peer Options
Accept any peer ID

enable

P1 Proposal

Mobile-U2

Encr./Auth. Algorithm
3des-sha1

Accept this peer ID:


"user-1"

5
28800
mixed
"user-group"

enable

aggressive

P1 Proposal

aes192-sha1

DH Group
Keylife
Enable as Server
Usergroup:
enable

XAuth
Nat-traversal
Keepalive Frequency
Dead Peer Detection

Accept this peer ID:


"user-2"

5
28800
mixed
"user-group"

enable

5.1.2 Phase 2
Tunnel Name
Mobile-T1

Remote Gateway
"Mobile-U1"

Encr./Auth. Algorithm
aes256-sha1

Enable replay detection


Enable perfect forward secrecy(PFS)
Keylife
Autokey Keep Alive
Internet browsing
Quick Mode Identities

Mobile-T2

"Mobile-U2"

"Branch_Geneve"

DH group: 5

aes256-sha1 aes192-sha1 3des-md5

Enable replay detection


Enable perfect forward secrecy(PFS)
Keylife
Autokey Keep Alive
Internet browsing
Quick Mode Identities

Tu-Geneve

enable
enable
1800 (Seconds)
disable
None
Use selectors from policy

Concentrator

enable
enable
1800 (Seconds)
disable
None
Use selectors from policy

DH group: 5

aes192-sha1 3des-sha1

Enable replay detection


Enable perfect forward secrecy(PFS)
Keylife
Autokey Keep Alive
Internet browsing
Quick Mode Identities

enable
enable
1800 (Seconds)
disable
None
Use selectors from policy

DH group: 5

5.2 PPTP
| Status | Starting IP | Ending IP | User Group |
|---|---|---|---|
| Enable | 192.168.10.110 | 192.168.10.112 | admin-group |


5.3 L2TP
| Status | Starting IP | Ending IP | User Group |
|---|---|---|---|
| Disable | | | |


6. Anti-Virus
6.1 File Block
Pattern
*.bat
*.com
*.dll
*.doc
*.exe
*.gz
*.hta
*.pif
*.ppt
*.rar
*.scr
*.tar
*.tgz
*.vb?
*.wps
*.xl?
*.zip

HTTP
enable
enable
enable

FTP
enable
enable
enable

IMAP
enable
enable
enable

POP3
enable
enable
enable

SMTP
enable
enable
enable

enable
enable
enable
enable

enable
enable
enable
enable

enable
enable
enable
enable
enable
enable

enable
enable
enable
enable
enable
enable

enable
enable
enable
enable
enable
enable
enable
enable
enable
enable
enable

enable
enable
enable
enable
enable
enable
enable
enable
enable
enable
enable

enable
enable
enable
enable
enable
enable
enable
enable
enable
enable
enable

enable

enable

6.2 Config
6.2.1 Oversize Threshold Configuration
| Protocol | max. filesize to scan | max. uncompressed size to scan | Ports |
|---|---|---|---|
| HTTP | 25 MBs | 25 MBs | 80 |
| FTP | 25 MBs | 25 MBs | 21 |
| IMAP | 25 MBs | 25 MBs | 143 |
| POP3 | 25 MBs | 25 MBs | 110 |
| SMTP | 25 MBs | 25 MBs | 25 |

6.2.2 Grayware
| Category | Status |
|---|---|
| Adware | enable |
| BHO | enable |
| Dial | enable |
| Download | enable |
| Game | enable |
| HackerTool | enable |
| Hijacker | enable |
| Joke | enable |
| Keylog | enable |
| Misc | enable |
| NMT | enable |
| P2P | enable |
| Plugin | enable |
| RAT | enable |
| Spy | enable |
| Toolbar | enable |


7. Web Filter
7.1 Category Block Configuration
Options
FortiGuard Service
Cache

Status
enable

7.2 Script Filter


Filtering Options
Java Applet
Cookie
ActiveX


Status
enable
enable


8. Log & Report


8.1 Log Setting
Syslog: disabled

WebTrends: disabled

Disk: enabled
Maximum size of log file: 100 MB
Roll log time: 0:0:0 (hh:mm:ss)
Roll Log Frequency: 24 hour
Roll log day: sunday
Roll log policy: overwrite
Level: information

Upload When Rolling: disabled

Memory: disabled

Fortilog: enabled
Name/IP: 194.191.86.36
Level: information
Encrypt:
Local ID:


8.2 Log Filter


Syslog

WebTrends Disk

Memory

Fortilog

Traffic Log
Policy allowed traffic
Policy violation traffic

enable
enable
enable

enable
enable
enable

Event Log
System Activity event
IPSec negotiation event
DHCP service event
L2TP/PPTP/PPPoE service event
Admin event
HA activity event
Firewall authentication event
Pattern update event

enable
enable
enable
enable
enable
enable
enable
enable
enable

enable
enable
enable
enable
enable
enable
enable
enable
enable

Anti-virus Log
Virus infected
Filename blocked
File oversized

enable
enable
enable
enable

enable
enable
enable
enable

Web Filter Log


Content block
URL block
URL exempt
Blocked category ratings
Monitored category ratings
Category rating errors
Attack Log
Attack Signature
Attack Anomaly
Spam Filter Log
SMTP
POP3
IMAP


Alert E-mail

enable
enable
enable
enable
enable
enable
enable
enable
enable
enable

enable
enable
enable
enable
enable
enable
enable
