NSE4_FGT-6.4 Fortinet NSE 4 – FortiOS 6.4 – FortiGate Firewall V6.4 Part 4

  • January 25, 2023

36. Lecture-36: Security Profile Antivirus Profile.

The first profile we will do is the antivirus profile. Antivirus, as we know, works against viruses, and we discussed viruses in the first class. A virus is nothing but an application that requires activation to harm and damage your network, services and systems. We also discussed worms. What is the difference between a virus and a worm? A worm replicates itself; it does not require any activation or any other application to replicate. So in a network it can bring your network down in two minutes, because it kills the bandwidth.

So this is the difference between a virus and a worm. Trojans we already discussed: a Trojan looks like the best application, but when you click on it, it can spy and it can damage your network. Spyware we also discussed: spyware spies on your details. Malware means worms and viruses. So basically this antivirus profile will check your communication against viruses, worms, Trojans and spyware, so that nobody can go to a suspicious URL and download them. So the antivirus is protecting you from this type of attack, and it can be a PDF file, an executable file, HTML, PHP, any file. But the antivirus profile requires a decryption policy, which we will do later in the course, because HTTPS, as I told you, is like a VPN tunnel: nobody can open it, so how will the firewall open it?

So the firewall requires authorization, and authorization means a certificate, so that it can open the traffic and look for this type of thing. Whether it is a worm, Trojan or spyware, if it finds anything it will block it if you tell it to block; if you say monitor, it will just pass it and generate a log. Block and drop, or monitor, whatever you say.

So the antivirus profile is a good one to check your communication for any such activity: spyware, malware, viruses and all that stuff. It has a huge database of signatures, which I just showed you in FortiGuard, a huge database with so many entries, so nobody can simply fool your firewall to pass and download viruses. We will use a small topology: this is my inside system, XP, the outside is my NAT interface, and inside I will use host-only or any interface. To these two interfaces I will assign the 100 IP, and for the NAT interface your IP can be different; it's up to you. The next hop is two, which I told you, and we will apply antivirus to check. So this is the topology; let me show you.

So this is my FortiGate firewall in VMware. I have three interfaces: the first one is NAT, which I'm using for WAN and also for management. The second is LAN; I put it in a LAN segment. The third is also in a LAN segment, but for the DMZ. So this is my WAN and also management, this is my LAN and this is my DMZ. Right now I only need these two. For NAT, I know my subnet. Because it's an old slide, I have one, two, two. But on the new one I have 192-1681, 114 and my next hop is 1142 here. My next hop is one one two. So I have already done the basic configuration, which we know from the first day: go to interfaces. For the LAN segment I'm using 100; for the WAN segment I'm using 114133, which is management as well and WAN as well.

And the DMZ I'm not using right now, but it is 201 thing already done, which you already know. In every lab we configure interfaces. The second thing is to configure DNS: eight, eight and eleven. One one is faster; you can see it's faster than Google DNS, so always use this one. Many companies adopt this one now. So eight, eight and eleven, two things. The third thing: I configured a static route that gives whatever traffic to the WAN interface, 1142, which I showed you as the next-hop IP. And the last thing I need is a firewall policy to allow each and everything. So let me do it in sequence; it's easier. Here I gave it the name allow all: LAN to WAN, anything, any destination, any time, any services, accept them, NAT them and allow all sessions. It's better to do it this way. That's it. So my inside interface, which I'm using, we changed to 100. I put the same XP in the same LAN segment: I went to XP, changed the interface to the LAN segment and put it in the LAN, even though I have a DMZ as well. But right now I need the LAN, and I gave it an IP from the same range, I believe maybe two. Yeah, 192, 116, one two, and 100 is the firewall LAN IP, just like a gateway for me. 100, that's it. So it means I can go anywhere on the Internet. And I also put eight as DNS. It's very important; otherwise it will not go anywhere, meaning the Internet will not work.

So if I go to Facebook, it has to work, and if I go to LinkedIn too, because I allowed everything in the policy, so nothing is stopped. OK, it's going to Facebook and it will definitely go to LinkedIn. But there is a website for testing purposes, eicar something. They created it for testing purposes related to viruses. So if I visit the virus website, it will work, because I just created a policy to allow or deny, not to check the file. That's why we need a security profile, not a security policy. OK, so let me go to this website and see if it opens.

OK, so it's open. This is eicar, something like European something, Europe, anyway. So let me go down; here we have some files for testing purposes. Let me click on this one. It will download. Look, the virus is working, it's open. If I download, it will download. OK, it downloaded, and I'm passing the firewall and downloading this virus file. Why? Because this policy cannot stop me. This is not the policy's job; this is a security profile's job. So now I need a security profile. Go to security profiles. The first one is antivirus. There are two security profiles already created by default: one is the default one and the other is for WiFi.

If you want to use the default one, it's OK; it will block most of the stuff. These are the name, comment and where they are used. Reference means how many times they are used somewhere. You can click on this one and clone the existing one. You can edit this one. Because these are the defaults, we cannot delete them. And you can search if you have many. But anyway, let me create my own. Click on create new to create a new antivirus profile and let me give it a name, antivirus profile; this is my profile name. Comment: if you need any comment, write it. Suppose "this is antivirus profile"; up to two five five characters you can type. Detect virus, which I told you about: what to do if I detect a virus, block or monitor? What is the difference between block and monitor? Block means to block it; it will drop it. You will not download it, like I downloaded it before. Monitor means it will generate logs here, you know, but it will not drop it. Monitor will just generate an alert that yes, there is a fire, but it will not stop the fire. Feature set: we haven't done this one yet, flow-based or proxy-based; anyway, at this point it can be anything. Inspected protocols: which protocols to check. So I say HTTP. HTTP means Hypertext Transfer Protocol; I mentioned it here. So let me quickly go through them.

SMTP means Simple Mail Transfer Protocol; this is for email. POP is also for email: Post Office Protocol 3, an old protocol for email. IMAP, Internet Message Access Protocol, is also an email protocol; normally Gmail also uses this one. MAPI, Messaging Application Programming Interface, is Microsoft email services, so again this is related to email. FTP, File Transfer Protocol, we use to transfer files, and CIFS, Common Internet File System. We use this for any application file, like an FTP file, Word file or Excel file; all of these come under Common Internet File System. On the Internet you will find FTP, TXT, zip files, so many things, and all of these come under this category. Then let's go back. So I enable SMTP, IMAP, FTP and CIFS. Then it says treat Windows executables in email attachments as viruses, if somebody attaches one.

If you go to your Gmail, you cannot upload an exe file directly; to test this one, yeah, normally we zip them and send them. But if you upload something directly to your Gmail, OK, if I click on compose and directly upload any zip file... It is because of the firewall; they set the same rule, that if anybody composes and attaches any zip file, sorry, exe file, consider it a virus. So you can enable this one. Include mobile malware protection: you know, your mobile phone, if somebody is using that. Here, let me attach any exe file, if I have one somewhere quickly; it will not work. If I go to even the security, there will be software with XDRs one. Now you will see it will give me an error because it's an executable file. After a while it will say no, it's not allowed. So you can use the same method here. And also for mobile malware, malicious malware; I told you the whole story of malware. And use FortiGuard outbreak prevention database, if you want to use their database, FortiGuard, which I showed you before. And use external malware block list, if you have any external one. You can use that to check against any malware block list. External we will do somewhere else; you can put a text file as well. OK. Look, it's blocked for security reasons.

So you can enable the same thing here. Anyway, my antivirus profile is created. OK, so two are default and one I created on my own. Now how can I attach this to my rule? Go to policy and objects, firewall policy, and the one which we created to allow anything: click on that one. Down here you will see security profiles. The first one is antivirus; click on it and choose your one, antivirus profile. That's it. But let me set SSL inspection to deep inspection. It requires a certificate. Forget about it; we will do certificates later. Right now it will give me a certificate error, but it's OK. Or I can download the certificate and install it on every system; then it will not give me an error. But anyway, right now we are doing security profiles. So I enabled the security profile. So if anybody is coming from LAN to WAN, going to any service at any destination, it will check for antivirus as well, which it did not before. And OK. Now let's go back and do the same exercise again. Let me refresh this web page. OK. This time maybe it will give me a certificate error. So it's OK; click on advanced. Oh my goodness, it gives me an error. We need to refresh this one, because when you apply the profile you have to clear the history. So let me open it again. OK.

And if I click this one, this time it will give me a certificate error, because I did not download the certificate and install it here. OK, so go to advanced. So I need to clear the history. Let's go to clear browser data; in your case it will not be like this one, I'm using an old browser. So sometimes you can face this issue. For this, either you have to restart the system, or clear your browser data, or use another browser. So let me try this browser. OK, clear from the beginning. OK, and clear. If you are using the latest browser, hopefully it will not give you this, because they have so many things in history and old details. So when you apply new rules, they will give you such an error. Let me try again now. OK, let me reload, or we can go to another browser. OK, this is also showing me the same error after applying this rule. So what can we do? Close the browser. I don't need to reboot. Clear all the history in detail. OK, just wait a minute; otherwise I will reboot the system to make it work. Let me try again.

For the last time, we go to advanced here. This time it's OK. So now I need to go to this website again, the one which we visited and from which we were downloading each and everything. So proceed now. And if I click on this one, hopefully it will stop me this time, because now it will check for viruses. This is due to the certificate; don't worry, it will show you directly. So look at this message: high security alert. I showed you this banner before; the message is this one. It's taking it from System, Replacement Messages, and this replacement message is related to antivirus. So if we go to the virus block message and double-click. OK? No, the other one, this one. So this one is showing me here the URL and the quarantined file. Let me change something in this one where it is mentioned, so that I can show you there. So let me go to not permitted. So the main banner, this one: high security alert my test, and save. And if I go back and refresh, there will be my test as well. So it's proof that it's getting all the details from that banner. You can change it. So it's telling me that on this website you are visiting there is a virus, and you can find more detail about this virus from this URL. Because we are not using any user, there is no user, no group, no pattern for anything.

So now can I download? How can I verify it was stopped by this firewall? Go to Logs and Report, and there is antivirus. Click on antivirus and you see we visited three times, which have been blocked, because I refreshed the page. So blocked, blocked and blocked; the file name is eicar.com and the source IP, one two, is my XP. It was using the HTTPS service. This time they visited, and this is the detail of the file. You can click on more detail to see all the related detail. It was critical, virus, botnet, the file name is this, there's a reference to see more detail related to this one, and everything. Besides here, you can go to the dashboard and security. You can find something from here as well; it will come after a while, but anyway it will show you. It has come up, OK, because normally it takes time. So it shows the file name. You can make it full so it will show you more detail.

This one: malware detected. OK, this is the score of this file. Three sessions were created, and it also shows you here. Besides this, go to FortiView sessions. It will be in sessions as well, because sessions show you everything. Anyway, it will just show you the session. There is another thing: because I installed the latest version, they changed a few things, and I'm not used to it. I installed version 6. 42, the latest one, so they changed the view a bit. That's why I'm also a bit confused. But anyway, it's OK. What was this? Security fabric? No, it will not show here. There is another way: security logs in forward interface.

You can verify from here as well. If I close this one, it will show me here again; you can go to more detail and see the forward interface. But the best way is to verify from here or from the dashboard. So let's see if I missed something: we applied it, we created our own profile and we tested by visiting this website. So it is being blocked. From FortiView also, threats? Yeah, they removed threats, I believe. I was about to show you that one. So they removed threats from here in the new one; anyway, it's OK. From threats you cannot verify; from antivirus we already tested it. So this is the antivirus profile to attach to your security.

37. Lecture-37: Security Profile Web Filter Profile.

This security profile is related to web filtering. Web filtering or URL filtering; URL means universal resource locator, and a web filter definitely filters them, like a filter; you know, a filter filters something. So web filtering is for when you want to control and classify web browsing based on content. Maybe you want to block phishing sites, HTTP based or HTTPS based, or spyware websites, or maybe you want to block based on your policy; maybe your company says to block Facebook, or Dailymotion, or Youtube.com. It's up to your company: maybe LinkedIn, maybe any other social media, or maybe any exploit website, malicious website, malware website, spyware website, antivirus website. So you can use web filtering. By default there are two default policies, I believe. If I go to security profiles, this time we want to do web filtering. So by default there are three policies already created for us. The default one, you can use this one. Monitor-all will just monitor; monitor means it will generate a log but it will not stop anything, keep in mind. And this one is related to WiFi. So the three rules are already there; we can create or customize. So what do we need to do? If somebody reaches here and you have applied a URL filter, it will check the URL, if you have already defined it, and which action to take. You can apply this rule through the UI and also through the CLI. It's up to you, to control your web browsing, your web traffic and your URLs, malicious, malware, anything.

So there are three predefined, which I told you and just showed you. We will use the same topology. Basically they have some models with WiFi built in, and that profile is built in for those. Right now I cannot show you WiFi-related stuff because we don't have any WiFi, so I'm ignoring it and we don't even need it. Normally you will use the one which we are doing. So we will use the same topology: with NAT I'm connected outside and with host-only I'm connected inside. We are using virtual machines. This time I'm using the URL filter, and this time I will block Facebook. So let me go back. Can I use Facebook first? Let me test it before blocking. I already have a link here rather than typing; I have Facebook, so let me go. Yes, go to advanced, proceed, so yes, I can access Facebook. OK, just two minutes, it's coming up again. Yeah, so I can access Facebook.com.

OK, let me refresh. The speed is slow, so that's why it's showing in this format. But anyway, I can reach Facebook.com. Let me open it in this browser. For some reason my speed is slow. OK, let me go there and type Facebook. OK, go to advanced; this browser still has the same issue which I told you about. So I need to clear the browser history or restart, so it's better to use this one. And I can also test another way, in an incognito window. OK, let me go to Facebook; anyway it will go, because I never stopped it. So definitely I can log in. Now let's apply our rule. So I'm here: security profiles, web filtering. I already have three; I don't want to use these. Again, these are the names, these are the description comments, and references where they are used. We can clone them, we can edit them, we can delete if we created our own, and we can search. Here is create new; click on that one: web filter profile. You can also give it any comment. Feature set: again, I told you we will do this one later. OK. They have their own categories, FortiGuard, which I showed you. They categorize things: potentially liable, adult and mature content, bandwidth consuming category, security risk category, general interest, personal and so on. They have so many categories, based on the first one.

And there are some possibilities which you may want to apply. You know, some are warning, some are allowed, maybe some are blocked, and so on. So let me make it clear. Allow means definitely allow. Monitor, I just told you: they will just watch you and generate a log, but they will never stop you. So it's called monitor. Then there is block; block will definitely stop you from this URL. Warning means it will give you a warning, but you can continue and browse the website. I will show you all these four. Authenticate means they will ask for your username and password; if you authenticate, then you can proceed and access that URL. So this one is username and password based. Warning means it will give you a warning but you can continue. Block will drop, monitor will just watch and generate logs, and allow will definitely allow. OK, but these are their categories, not our own. So why not do their categories first; then we will move on to what is down there. So let me change something we know properly. Normally we know streaming media, so it's better to use this one. Streaming media and download is allowed by default. Streaming media and download is shown here: websites like YouTube, Mp3.com, Yoko.com, Dailymotion; these are just a few examples. So streaming media is allowed. Allowed we already know, so I don't care about allowed. I want to see block. So this one, streaming media and download: block, and I apply. So my new web filtering profile is ready, where streaming media is blocked. How can we use it? Go to policy and objects, go to your firewall policy. We have only one policy; if you have many, you have to attach it to each one. I don't need the antivirus one, so let me just remove it and click this one, this time web filtering. And mine is web filtering profile.
OK, so now let's see. Before, facebook.com was accessible; that's social media, by the way, so not Facebook.

So for this one we need to test Youtube.com and Dailymotion. First I type Youtube.com. OK, so it's FortiGuard intrusion prevention, access blocked. Why? The category is social media and download. Because I removed the antivirus one, I have only one profile, which is related to web filtering. So it applies web filtering and blocks YouTube, because it comes under streaming media and download. In the same way we have Dailymotion; I don't know if I typed it correctly or not. Yeah, so it says Dailymotion is also blocked under social media and download. How do I know that it is blocked by the firewall policy and security profile combined? Go to Logs and Report and this time, instead of antivirus, go to web filter. In web filter it says that at this time, this user, this source, the action was blocked because of the URL, Dailymotion. It comes under the category streaming media and download. And these are the details. If you want to go into more detail, click on details; it will show you why it was blocked and which policy was used. Or I can verify from forward traffic as well: it says deny by UTM, blocked Dailymotion. Dailymotion has been blocked by UTM. UTM we know, which I told you about in the beginning. YouTube has been blocked too; that's the result in forward traffic. And you can also go to dashboard status. OK? No, it is not there; in security.

OK, so in security there is another tab; they removed it, by the way, in the new version, and they also changed this one. Anyway, at least you know how we can verify. I think it should be in this one. Now they have changed it to FortiView websites. Some of the things will take time to show here, because I need to increase the RAM to do it quickly. And also under sessions, it will show you the sessions. By the way, these just show you the sessions, so it's better to verify from there. So it's done now. But what did we do? We used their own category. If I go back to security profiles, web filtering, and double-click the one which I created: what I did was use their one. Let me remove their one, FortiGuard category based; I won't use theirs. They have so many categories. OK, it's better to do it... why not show you the other things? Allowed this time? Block we just saw; warning. So let me go to streaming media again. Where was streaming media? Before we move forward, I need to verify these four things for you. So let's go back to streaming media, which we just blocked. Right-click here, and this time I say warning. With warning they ask how many hours, how many minutes and how many seconds. So they will give you a warning; after five minutes (this is minutes, this is hours), after five minutes they will disconnect you and ask you to log in again. Anyway, let me keep the same one. I just need to show you the difference.

I don't need to tell you what the major difference between warning and... OK. Because this rule is already applied, I just modified the rule. Let me go back and refresh. This time there will be a warning. Look: to have the rating of the web page re-evaluated... Look, it says proceed. Just a warning, fiscal warning, and proceed. And it will go to Dailymotion. That's it. Advanced, because I don't have a certificate; that's why it's showing me this. And look, let's go to Dailymotion, and it will go to Dailymotion. Oh, my goodness. It has to go. After five minutes it will be disconnected and will show me this banner again. For some reason... let me go to YouTube. So in the message before, there was no go back and proceed. Now we have proceed and go back.

And you can go to Youtube.com, by the way. It's OK, let me try it anyway. It will take you there in the real world; now I need to restart this system, which is why it's showing all this stuff, or I need to install the certificate, and then these issues will be gone. But because we haven't studied certificates, I don't want to involve you in that. Proceed. Let me change it. Go back. So warning gives you a chance to enter, and block never gives you a chance; it just blocks you. OK, let me go to streaming media, and this time let me say authenticate. Authenticate for how long? I say five minutes. If you want to use a user... I think we created one user last time. Yeah, we created a user, but it's asking for a group.

So let me quickly create one user and group. Create a firewall group, suppose test, and the member is the one we created last time. I deleted that user; OK, it's a new firewall. So let me create one quick user: user one, password one, two, three. Next, no authentication. And put it in this group, the one which we created. OK, we don't have submit, so let me click this user. So test is the group name and user one is inside it, and I add the test group here. Don't worry about users and groups; you will do them in detail. So this time I say, for streaming media and download, the user has to authenticate and then proceed. They can use YouTube, Dailymotion and all those websites. No need to apply again, because this policy is already applied; I just modified it. So now go back; this time the situation is totally different. If I go to Youtube.com, it will ask for a username and password. Look, proceed; it's OK, after a while it will ask me for a username and password. So proceed. OK, now if I click, it will ask me for a username and password. This thing is killing me. If for some reason I can use this, it will basically ask you for a username and password to proceed. That's the thing which I need to show you. So these are the three different things.

This browser for some reason can't start. There is a new private browsing window; maybe it will work for Youtube.com. OK, so it will ask me to proceed. Oh my goodness, this one is also doing the same thing. Anyway, after this it will ask for a username and password, which I mentioned here, by the way. Let me show you. OK, yeah, so proceed, and after you click proceed it will ask you like this: username and password. When you put in the username and password and continue, you will visit the website. So this is the difference between all these categories. So let's go back to security profiles, web filtering. OK, where were we? This one, streaming media. So we know allow, we know block, and now we know warning: it gives me a warning and then I proceed. Authenticate gives me a warning, and then when I put in the username and password it proceeds. And monitor is nothing: if I apply monitor here, it will proceed but it will just generate an alert. So if I go back and go to Youtube.com or Dailymotion: OK, advanced, because it's showing me this error due to the certificate; advanced, proceed. OK, so it's going, but it will generate logs here. If I go there and go to web filtering, you will see the difference here. It says pass through.

OK, so it passed it; it just says the category that was hit is streaming media and download. But if I visit Facebook, it will not show here, because we never applied this to Facebook; we only applied it to streaming media. So this is the difference. Maybe you will say, no, no, it will show all the logs. No, no, no. It will show you only what is related to streaming media, what comes under that category. If it is block, it will show you blocked, and if it is monitor, it will show you pass through here. It says, yeah, this guy passed through, just to let you know, because you told me to monitor this guy. So let me tell you, I cannot stop him, but he went inside or he went outside. So this is called monitor. So let me go back to security profiles, web filtering; we have so many things to control through web filtering. So these were their defaults: allow, monitor, block, warning and authenticate, and they have so many categories. Let me stop this one. Now it says allow users to override blocked categories. So it means, if I block social media... let me block it again. I need to go back and block it. So now social media is blocked again; sorry, streaming media. So if I go to YouTube or Dailymotion again, it will stop me. So let's see whether it stops me or not. So it says blocked; there is nothing here, I cannot go down. Maybe you will say proceed? No proceed is here; this is the whole page, because this access is blocked.

So now let's come to another point here, this one: allow users to override blocked categories. Whatever you block there, he is a special person who can override that rule. This can only be done in India and Pakistan, not in the UK. In the UK everybody is equal, but in Pakistan there is VIP culture. Say it is not the time for the bank, so nobody can go inside; but in Pakistan and India, if you have a reference, you can go inside anytime. So this rule is for India and Pakistan. It says block invalid URLs... sorry, the override is this one: allow users to override blocked categories. Now social media, streaming media, nobody can access, but this guy from the test group, where user one exists, can. Profile to apply: the default one, with which he can do anything. Switch applies to: by user, by user group (we are using user group), or by IP; you can put his IP to allow him, or ask, so that he is asked to enter his details. But anyway, I can use user or user group; both are equal because we put the user in the group. And switch duration, for how long. Anyway, it's enough for us to test the override rule, just to show you. OK, now let's go here and refresh. If I refresh, it has to show me. Yeah, so override is there now; before, override was not there. Now it will ask me for the username and password. When I put in the username and password, it will allow me. For some reason, I don't know why, it's giving me this error.

OK, anyway, I cannot show you again. It will be like this one. So anyway, this is called override: that special person can go, but everybody else will be stopped. So this one is done. Now there is the static URL filter. Maybe there is something which is not mentioned here. If I block streaming media, every streaming media site stops. If I block social media, every social media site stops. If I block gambling, every gambling site stops. But no, I need a specific thing. Then you can use the static URL filter. Block invalid URLs: maybe a URL which is not a licensed one, which has no certification, or which has a broken one; it will stop that one. That one is related to this. Anyway, it's not that important, but if you want to enable it, it's OK. This one, URL filter: enable it. And now I want to block www.facebook.com: simple. Or you can use regular expression and wildcard. Regular expression and wildcard mean, suppose you put a star here, then anything after that is accepted and it will be dropped. Or you can put a star before Facebook. Action: exempt means to exempt this one. No, I don't want to exempt it; it would be allowed. I want to block. Allow: yes, I want to allow this URL. Or, no, I want to monitor. So you know block, allow and monitor; the only new one is exempt, which means to exempt this one. Status: do you want to enable this rule, enable or disable? I say yes, I want to enable. So this is my static entry. Because if I use the categories here, there is also social media, but social media will stop each and every social media site there is. If I go to social media, this is health related; here, this one. If I block social networking, Facebook, Twitter, WEMBO week, so many things will be blocked, because I don't have control. But here I want to allow Twitter, allow LinkedIn; I just want to block Facebook. You can edit, you can delete and you can add many URLs.
You can create a new one as well and edit it. That's it. And now, OK, I disabled this one. Keep in mind, just Facebook.com. And OK.

Because the rule is already applied, there is no need to reapply. Come here and type Facebook. It will be blocked. If I click on Facebook this time, it will show me the static URL block. Okay, it's blocked, but it's better to do it from here. It's not showing me the banner properly, so that's why I'm just checking whether it blocked me. By the way, it's okay, but for some reason it is not showing me the banner. That's okay; sometimes it is because you don't have a license, sorry, a certificate. So that's why it's not showing properly. But it blocked me. How do we know? Go to Log & Report and Web Filter. And here is Facebook. It says it's blocked, and not as streaming media: we have our own static URL block for it. I have tried Facebook two, three, four times, so that's why it is showing me that it's blocked. So it means it's working. Let's go back to our security profile, Web Filter, our one, and let's check something more. So let me remove this one again. Then they say "Block malicious URLs discovered by FortiSandbox". FortiSandbox is like Palo Alto's WildFire. So they will check there. Anyway, if you want, you can, but it requires a license. But I have a license. So we can use this one.

Now it says content filter. Content filter is to check for extra content in something. So click on this one. You can give it anything, like a pattern. Okay, language: you can choose any language. Action you can choose, and you can use regular expression as well. And you can use this content filter again for any URL; anything you put there, they will drop, the same as the static one. Then this is related to the rating option, just if you want to help them, what is called the FortiGate firewall network. So you can enable it if you want to help them. Proxy: this is proxy related, and we have no need of this one. What else? Okay, that's it. So this was web filtering. We can do our static entry, we can use their own categories, and we can block other content, a file or anything, using the content filter. And the rating options are just to help them. So if you want any website which is here or something, they will send it to FortiGate to help them recognize it better next time with your URL category and everything. And this is the proxy related part. We don't have any proxy, and we can't use the related stuff. So let me go there to see if I missed something. So we've done the URL filter. We can use static to stop them, or regular expression. We can use a wildcard like this one for Facebook. So any URL which has "fa" in it will be stopped. The one which I put, I put like this one.

This is a simple example. As I said, there was simple, and also regular expression and wildcard. So this is called a wildcard. You can use this one. So Facebook.com, fast.com, everything will be blocked, because all these URLs have "fa". And this one, the one which I used, says only statically block Facebook. So this is the difference between simple and wildcard block. We already know block is to block them, allow is to allow, monitor is just to test and generate logs, and exempt is to bypass something if you want. And this is the way to apply the rule. Then we verified Facebook. And here you can see the logs. Okay. FortiGuard filter? Yeah. These things we already tested. And we tested this one as well. And we checked warning as well. It was showing the warning, and then you click proceed and it will show you the page. Okay, authenticate: this is the one which we did, but it did not show properly for some reason. So when you click proceed, you have to type the user, and then it will log you in. Quota there has been removed in the new one; there used to be quota. Okay, so you could use a quota. Quota is nothing, just how much bandwidth they can use. So when that much is reached, they will be blocked. They will not use any more internet. So this is called user quota, which has been removed. That's why it's the old one. So you can use that. Okay?
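The simple versus wildcard difference described above, as an added example that is not part of the lecture and is not FortiOS code. It is a simplified model (simple = exact hostname, wildcard = glob, regex = search, first match wins); the sample hosts, the `*fa*` pattern and all function names are constructed for illustration. It shows how to check a URL filter list for collateral blocks before applying it.

```python
import fnmatch
import re
from dataclasses import dataclass

@dataclass
class Entry:
    url: str              # pattern as typed into the URL filter table
    type: str             # "simple", "wildcard" or "regex"
    action: str           # "block", "allow", "monitor" or "exempt"
    enabled: bool = True

def matches(entry: Entry, host: str) -> bool:
    """Simplified model: simple = exact host, wildcard = glob, regex = search."""
    host = host.lower()
    if entry.type == "simple":
        return host == entry.url.lower()
    if entry.type == "wildcard":
        return fnmatch.fnmatchcase(host, entry.url.lower())
    if entry.type == "regex":
        return re.search(entry.url, host, re.IGNORECASE) is not None
    raise ValueError(f"unknown entry type: {entry.type}")

def evaluate(entries, host, default="allow"):
    """First enabled entry that matches decides; otherwise the default applies."""
    for entry in entries:
        if entry.enabled and matches(entry, host):
            return entry.action
    return default

def overblocked(entries, hosts, intended):
    """Hosts the list blocks although they were never meant to be blocked."""
    return sorted(h for h in hosts
                  if evaluate(entries, h) == "block" and h not in intended)

# Constructed sample hosts, as they might appear in web filter logs.
HOSTS = ["www.facebook.com", "facebook.com", "m.facebook.com",
         "fast.com", "www.linkedin.com", "twitter.com"]
INTENDED = {"www.facebook.com", "facebook.com", "m.facebook.com"}

SIMPLE = [Entry("www.facebook.com", "simple", "block")]         # exact host only
BROAD = [Entry("*fa*", "wildcard", "block")]                    # anything with "fa"
SCOPED = [Entry(r"(^|\.)facebook\.com$", "regex", "block")]     # the domain only

if __name__ == "__main__":
    for name, rules in (("simple", SIMPLE), ("wildcard", BROAD), ("regex", SCOPED)):
        print(name, {h: evaluate(rules, h) for h in HOSTS},
              "collateral:", overblocked(rules, HOSTS, INTENDED))
```

In this model the simple entry leaves `facebook.com` and `m.facebook.com` reachable, the broad wildcard also blocks `fast.com`, and the anchored regex blocks the whole domain with no collateral hosts.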
