Provisioning Templates – FortiManager 5.2

Threat Weight templates

Threat Weight templates

User or client behavior can sometimes increase the risk of being attacked or becoming infected. For example, if one of your network clients receives email viruses on a daily basis while no other clients receive these attachments, extra measures may be required to protect that client, or a discussion with the user about this issue may be warranted.

Before you can decide on a course of action, you need to know the problem is occurring. Threat weight can provide this information by tracking client behavior and reporting on activities that you determine are risky or otherwise worth tracking.

Threat weight profiles can be created, edited, and assigned to devices. When creating a profile, the default threat level definitions are used; these can be changed later, see To edit a threat weight profile:. When Threat Weight Tracking is enabled, the Log Allowed Traffic setting will be enabled on all policies. For more information on configuring the Threat Weight profile, see the FortiOS 5.2 Handbook.

To create a new threat weight profile:

  1. Go to the FortiClient Templates > Threat Weight Profile page and select Create New in the toolbar.
  2. In the New Threat Weight Profile window, type a name for the profile.
  3. Select OK to create the new threat weight profile.

To edit a threat weight profile:

  1. Right-click in the profile row and select Edit from the pop-up menu. The Threat Level Definition page opens.
  2. Adjust the threat levels as needed:
Log Threat Weight Turn on threat weight tracking.
Reset Reset all the threat level definition values back to their defaults.
Import Import threat level definitions from a device in the ADOM.
Application Protection Adjust the tracking levels for the different application types that can be tracked.
Intrusion Protection Adjust the tracking levels for the different attack types that can be tracked.
Malware Protection Adjust the tracking levels for the malware or botnet connections that can be detected.
Packet Based Inspection Adjust the tracking levels for failed connection attempts and traffic blocked by firewall policies.
Web Activity Adjust the tracking levels for various types of web activity.
Risk Level Values Adjust the values for the four risk levels.
  1. Select OK to save your changes and close the page.

To assign a threat weight profile to a device:

  1. Right-click in the profile row and select Assigned Devices from the pop-up menu.
  2. Add or remove devices as needed in the Assigned Devices dialog box, then select OK. Select the add icon to add multiple devices.

The devices assigned to the profile are shown in the Assign To column on the Threat weight content pane.

This entry was posted in Administration Guides, FortiManager and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.