- Feature Visibility: Multiple Interface Policies. Alternatively, a Zone can be used.
With multiple source or destination interfaces, or any, only the By Sequence view is available.
- Internet service database (ISDB)
Can be used in Source or Destination.
- Flow-based and Proxy-based inspection mode in FW policy.
Flow-based inspection takes a snapshot of content packets and uses pattern matching to identify security threats in the content.
Proxy-based inspection reconstructs content that passes through the FortiGate and inspects the content for security threats.
Proxy-based provides more feature configuration options, while flow-based is designed to optimize performance.
have different profiles.
- Logging
Log Allowed Traffic: Security Event or All Sessions.
All Sessions logging generates a log at the end of the session; enabling "Generate Logs when Session Starts" generates two logs:
1. Result or Action shows: Accept: session start
2. Result shows sent / receive bytes, action shows: Accept: session close
Enable "Log IPv4 Violation traffic" for implicit rule and all Deny rules.
To improve performance and reduce denied logs, enable denied traffic in the session table:
config system setting
    set ses-denied-traffic <disable | enable>
end
config system global
    set block-session-timer <1-300>
end
- Real-time policy status
Edit the policy; the statistics section shows hit counts, first and last use, etc. Counters can be cleared.
- Filter: Right click a cell in the column or left click the filter icon near the column title.
- View match log of a rule: Right click a policy > Show matching Logs
- Clone Reverse: Right click a policy
- Edit in CLI: right click a policy or in Edit window
- Policy Lookup
Identify matching policy without real traffic
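The two-log behaviour described under Logging (one log at session start, one at session close carrying the byte counts) means each session appears twice in exported traffic logs. The following is an added example, not part of the original notes: it pairs the two records by session ID and separates sessions that have a start but no close yet. The sample lines are constructed, and the field names (`sessionid`, `action`, `sentbyte`, `rcvdbyte`) and the `start`/`close` action values are assumptions about the raw key=value log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in key=value traffic-log style (not taken from the page).
SAMPLE_LOGS = '''\
date=2024-01-10 time=10:00:01 type="traffic" subtype="forward" srcip=10.0.1.5 dstip=203.0.113.10 sessionid=1001 action="start" policyid=3 sentbyte=0 rcvdbyte=0
date=2024-01-10 time=10:00:09 type="traffic" subtype="forward" srcip=10.0.1.5 dstip=203.0.113.10 sessionid=1001 action="close" policyid=3 sentbyte=4200 rcvdbyte=91000
date=2024-01-10 time=10:00:12 type="traffic" subtype="forward" srcip=10.0.1.7 dstip=198.51.100.4 sessionid=1002 action="start" policyid=3 sentbyte=0 rcvdbyte=0
date=2024-01-10 time=10:00:15 type="traffic" subtype="forward" srcip=10.0.1.9 dstip=198.51.100.8 sessionid=1003 action="deny" policyid=0 sentbyte=0 rcvdbyte=0
'''

# key=value pairs; values are either quoted strings or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def pair_sessions(text):
    """Group traffic records by sessionid into 'start' and 'end' phases."""
    sessions = defaultdict(dict)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "traffic" or "sessionid" not in rec:
            continue
        # Assumption: action "start" marks the session-start log; any other
        # action (close, deny, ...) is the end-of-session record.
        phase = "start" if rec.get("action") == "start" else "end"
        sessions[rec["sessionid"]][phase] = rec
    return sessions

def summarize(sessions):
    """Split sessions into complete pairs, still-open, and end-only records."""
    report = {"complete": [], "open": [], "end_only": []}
    for sid, phases in sessions.items():
        if "start" in phases and "end" in phases:
            end = phases["end"]  # byte counts are only meaningful on the close log
            report["complete"].append((sid, int(end["sentbyte"]), int(end["rcvdbyte"])))
        elif "start" in phases:
            report["open"].append(sid)  # start seen, no close yet
        else:
            report["end_only"].append((sid, phases["end"]["action"]))
    return report

if __name__ == "__main__":
    for category, items in summarize(pair_sessions(SAMPLE_LOGS)).items():
        print(category, items)
```

Counting sessions from the `complete` and `end_only` groups avoids double-counting when session-start logging is enabled.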