Chapter 2 – Getting Started

To modify the antispam filter cache size – GUI

1. Go to System > FortiGuard.

2. Click the Expand Arrow for Web Filtering and Email Filtering Options.

3. Enter the TTL value for the antispam cache.

4. Select Apply.

To modify the antispam filter cache size – CLI

config system fortiguard
    set antispam-cache-ttl <integer>
end

Further antispam filtering options can be configured to block, allow or quarantine, specific email addresses.

These configurations are available through the Security Profiles > Antispam menu. For more information, see the Security Profiles handbook chapter.

Online Security Tools

The FortiGuard online center provides a number of online security tools that let you verify or check the ratings of web sites and email addresses, as well as check files for viruses:

  • URL lookup – By entering a web site address, you can see if it has been rated and what category and classification it is filed as. If you find your web site or a site you commonly go to has been wrongly categorized, you can use this page to request that the site be re-evaluated.

http://www.fortiguard.com/webfiltering/webfiltering.html

  • IP and signature lookup – The IP and signature lookup enables you to check whether an IP address is blacklisted in the FortiGuard IP reputation database or whether a URL or email address is in the signature database. http://www.fortiguard.com/antispam/antispam.html
  • Online virus scanner – If you discover a suspicious file on your machine, or suspect that a program you downloaded from the Internet might be malicious, you can scan it using the FortiGuard online scanner. The questionable file is uploaded from your computer to a dedicated server, where it is scanned using FortiClient Antivirus. Only one file of up to 1 MB can be checked at any one time. All files are forwarded to our research labs for analysis.

http://www.fortiguard.com/antivirus/virus_scanner.html

  • Malware removal tools – FortiGuard Labs has developed tools to disable and remove specific malware and related variants, including malware that is otherwise difficult to remove. A universal cleaning tool, FortiCleanup, is also available for download.

The FortiCleanup is a tool developed to identify and cleanse systems of malicious rootkit files and their associated malware. Rootkits consist of code installed on a system with kernel level privileges, often used to hide malicious files, keylog and thwart detection / security techniques. The aim of this tool is to reduce the effectiveness of such malware by finding and eliminating rootkits. The tool offers a quick memory scan as well as a full system scan. FortiCleanup will not only remove malicious files, but also can cleanse registry entries, kernel module patches, and other tricks commonly used by rootkits – such as SSDT hooks and process enumeration hiding.

A license to use these applications is provided free of charge, courtesy of Fortinet.

http://www.fortiguard.com/antivirus/malware_removal.html

FortiCloud

FortiCloud is a hosted security management and log retention service for FortiGate devices. It gives you centralized reporting, traffic analysis, configuration management and log retention without the need for additional hardware and software.

FortiCloud offers a wide range of features:

  • Simplified central management – FortiCloud provides a central web-based management console to manage individual or aggregated FortiGate and FortiWiFi devices. Adding a device to the FortiCloud management subscription is straightforward. FortiCloud provides detailed traffic and application visibility across the whole network.
  • Hosted log retention with large default storage allocated – Log retention is an integral part of any security and compliance program but administering a separate storage system is burdensome. FortiCloud takes care of this automatically and stores the valuable log information in the cloud. Each device is allowed up to 200Gb of log retention storage. Different types of logs can be stored including Traffic, System Events, Web, Applications and Security Events.
  • Monitoring and alerting in real time – Network availability is critical to a good end-user experience. FortiCloud enables you to monitor your FortiGate network in real time with different alerting mechanisms to pinpoint potential issues. Alerting mechanisms can be delivered via email.
  • Customized or pre-configured reporting and analysis tools – Reporting and analysis are your eyes and ears into your network’s health and security. Pre-configured reports are available, as well as custom reports that can be tailored to your specific reporting and compliance requirements. For example, you may want to look closely at application usage or web site violations. The reports can be emailed as PDFs and can cover different time periods.
  • Maintain important configuration information uniformly – The correct configuration of the devices within your network is essential to maintaining an optimum performance and security posture. In addition, maintaining the correct firmware (operating system) level allows you to take advantage of the latest features.
  • Service security – All communication (including log information) between the devices and the cloud is encrypted.

Redundant data centers are always used to give the service high availability. Operational security measures have been put in place to make sure your data is secure — only you can view or retrieve it.

Registration and Activation

Before you can activate a FortiCloud account, you must first register your device. FortiCloud accounts can be registered manually through the FortiCloud website, https://www.forticloud.com, but you can easily register and activate your account directly from your FortiGate.

Activating your FortiCloud Account

1. On your device’s dashboard, in the License Information widget, select the green Activate button in the FortiCloud section.

2. A dialogue asking you to register your FortiCloud account will appear. Enter your information, view and accept the Terms and Conditions, and select Create Account.

3. A second dialogue window will appear, asking you to enter your information to confirm your account. This will send a confirmation email to your registered email. The dashboard widget will update to show that confirmation is required.

4. Open your email, and follow the confirmation link contained in it.

Results

A FortiCloud page will open, stating that your account has been confirmed. The Activation Pending message on the dashboard will change to state the type of account you have (‘1Gb Free’ or ‘200Gb Subscription’), and will now provide a link to the FortiCloud portal.

Enabling logging to FortiCloud

1. Go to Log & Report > Log Settings.

2. Enable Send Logs to FortiCloud.

3. Select Test Connectivity to ensure that your FortiGate can connect to the registered FortiCloud account.

4. Under GUI Preferences, set Display Logs from FortiCloud, to see FortiCloud logs within the FortiGate’s GUI.

Logging into the FortiCloud portal

Once logging has been configured and you have registered your account, you can log into the FortiCloud portal and begin viewing your logging results. There are two methods to reach the FortiCloud portal:

  • If you have direct networked access to the FortiGate, you can simply open your Dashboard and check the License Information widget. Next to the current FortiCloud connection status will be a link to reach the FortiCloud Portal.
  • If you do not currently have access to the FortiGate’s interface, you can visit the FortiCloud website (https://forticloud.com) and log in remotely, using your email and password. It will ask you to confirm the FortiCloud account you are connecting to, and then you will be granted access. Connected devices can be remotely configured using the Scripts page in the Management tab, which is useful if an administrator is away from the unit for a long period of time.

Cloud Sandboxing

FortiCloud can be used for automated sample tracking, or sandboxing, of files from a FortiGate. This allows suspicious files to be sent for inspection without risking network security. If the file exhibits risky behavior, or is found to contain a virus, a new virus signature is created and added to the FortiGuard antivirus signature database.

Cloud sandboxing is configured by going to System > External Security Devices. After enabling sandbox inspection, select FortiSandbox Cloud.

Sandboxing results will be shown in a new tab called AV Submissions in the FortiCloud portal. This tab will only appear after a file has been sent for sandboxing.

For more information about FortiCloud, see the FortiCloud documentation.
