Tag Archives: fortinet firewall

Editing CASI profiles

Editing CASI profiles

The CASI profile application list consists of the Application Name, Category, and Action. A default

CASI profile exists, with the option to create custom profiles. For each CASI profile application, the user has the option to Allow, Block, or Monitor the selected cloud application. The following image demonstrates the ability to Allow, Block, or Monitor YouTube using CASI:editing CASI

When the user drills down into a selected cloud application, the following options are available (depending on the type of service):

lFor business services, such as Salesforce and Zoho:

Option to allow, block, or monitor file download/upload and login.

For collaboration services, such as Google.Docs and Webex:

Option to allow, block, or monitor file access/download/upload and login.

For web email services, such as Gmail and Outlook:

Option to allow, block, or monitor attachment download/upload, chat, read/send message.

For general interst services, such as Amazon, Google, and Bing:

Option to allow, block, or monitor login, search phase, and file download/upload.

For social media services, such as Facebook, Twitter, and Instagram:

Option to allow, block, or monitor chat, file download/upload, post, login.

For storage backup services, such as Dropbox, iCloud, and Amazon Cloud Drive:

Option to allow, block, or monitor file access/download/upload and login.

For video/audio services, such as YouTube, Netflix, and Hulu:

Option to allow, block, or monitor channel access, video access/play/upload, and login.

 

 

CLI Syntax

 

configure application casi profile edit “profile name”

set comment “comment”

set replacemsg-group “xxxx”

set app-replacemsg [enable|disable]

configure entries edit

set application “app name”

 

 

 

 

 

 

 

 

 

next end

set action [block|pass]

set log [enable|disable]

next edit 2

 

 

configure firewall policy edit “1”

set casi-profile “profile name” next

end

 

config firewall sniffer edit 1

set casi-profile-status [enable|disable]

set casi-profile “sniffer-profile” next

end

 

config firewall interface-policy edit 1

set casi-profile-status [enable|disable]

set casi-profile “2” next

end

Cloud Access Security Inspection (CASI)

Cloud Access Security Inspection (CASI)

This feature introduces a new security profile called Cloud Access Security Inspection (CASI) that provides support for fine-grained control on popular cloud applications, such as YouTube, Dropbox, Baidu, and Amazon. The CASI profile is applied on a policy much like any other security profile.

Unfortunately CASI does not work when using Proxy-based profiles for AV or Web fil- tering for example.

Make sure to only use Flow-based profiles in combination with CASI on a specific policy.

CASI

For this feature, Deep Inspection of Cloud Applications (set deep-app-inspection [enable|disable]) has been moved out of the Application Control security profile options.

You will find the Cloud Access Security Inspection feature under Security Profiles > Cloud Access Security

Inspection, but you must first enable it in the Feature store under System > Feature Select > CASI.

7-day time display

7day time display

In FortiOS 5.4, the following FortiGate models now support 7-day time display:

  • FortiGate 1000D
  • FortiGate 1500D
  • FortiGate 3700DX
  • FortiGate 3700D

The option for 7-day time display, however, can only be configured in the CLI using the following command:

config log setting

set fortiview-weekly-data {enable|disable}

end

FortiGuard Cloud App DB identification

FortiGuard Cloud App DB identification

FortiView now recognizes FortiGuard Cloud Application database traffic, which is mainly monitored and validated by FortiFlow, an internal application that identifies cloud applications based on IP, Port, and Protocol. Administrators can potentially use this information for WAN Link Load Balancing, for example.

 

WHOIS Lookup anchor for public IPv4 addresses

WHOIS Lookup anchor for public IPv4 addresses

Reverse IP lookup is now possible in FortiOS 5.4. A WHOIS lookup icon is available when you mouse over a public IP address in a FortiView log. If you left-click on the lookup icon, a new tab is opened in your browser for www.networksolutions.com, and a lookup is performed on the selected IP address (this option persists after drilling down one level in FortiView).

Accelerated session filtering on All Sessions page

Accelerated session filtering on All Sessions page

By default, on a FortiGate unit with NP6 processors, when you enable traffic logging in a firewall policy this also enables NP6 per-session accounting. If you disable traffic logging this also disables NP6 per-session accounting. This behavior can be changed using the following command:

config system np6 edit np6_0

set per-session-accounting {disable | all-enable | enable-by-log}

end

By default, per-session-accounting is set to enable-by-log, which results in per-session accounting being turned on when you enable traffic logging in a policy. This configuration is set separately for each NP6 processor.

When offloaded sessions appear on the FortiView All Sessions console they include an icon identifying them as

NP sessions:

np sessions

You can hover over the NP icon to see some information about the offloaded sessions. You can also use a FortiASIC Filter to view just the accelerated sessions.

New bandwidth column added to realtime FortiView pages

New bandwidth column added to realtime FortiView pages

The FortiView console provides a new bandwidth column that displays information for bandwidth calculated on a per-session level, providing administrators the ability to sort realtime bandwidth usage in descending order.

Visualization support for the Admin Logins page

Visualization support for the Admin Logins page

A useful chart is now generated for Admin login events under FortiView > Admin Logins. You can view the information in either Table View or Timeline View (shown below). In Timeline View, each line represents on administrator, with individual sessions indicated per administrator line. When you hover over a particular timeline, detailed information appears in a tool tip.

cool new chart