NSE4_FGT-6.4 Fortinet NSE 4 – FortiOS 6.4 – FortiGate Firewall V6.4 Part 3

  • January 25, 2023

34. Lecture-34: FortiGate Firewall Security Profile & FortiGuard.

The topic of the day is security profiles. Okay? Before, we discussed security policies. Policies are different, guys: the rule which you put either allows or denies someone; it only denies or allows something. But the security profile, that’s the main thing. You know, we always discuss the next-generation firewall. These things make a normal firewall a next-generation firewall: security profiles. As I told you, a next-generation firewall is user identification, content ID and application ID. So one of them is content ID. Content means the content which you are sending and receiving, anything.

It can be browsing, it can be a file, it can be FTP, it can be email, it can be anything. Whatever you are sending and receiving, the communication, whether you are going outside to the internet or coming back inside, it has to be checked properly. Like an airport: when you go to a UK airport or an American airport, they will scan each and everything of yours. And especially with Pakistanis they are more concerned, so they will scan them more. So these are security profiles; they will check you for everything. So a security profile checks the files which you are sending and receiving. It can be a threat, vulnerability, viruses, spyware, IPS, IDS, a suspicious file, anything. They will check whether the file is clean or not. So we call it a security profile.

And so many things come under security profiles. Like if you go to a USA airport, first they will check you, they will scan you through the machine. Okay, then it’s okay. They say screen. Then they will ask you some basic questions. Where are you from? Where are you? Are you from any country? Why? Have you any bankrupt, any other thing, any suspicious enterprise? So many things they will ask you. All these things are called a security profile. Like antivirus, application control, data leak prevention, web application, web filtering, intrusion prevention, intrusion detection, voice over IP, SSL inspection, file checking, email filtering, DNS filtering, override rule. So many things come under the security profile to check the files properly, the communication, whatever you are accessing, but it depends on your mode. We haven’t done the modes. Basically I needed to do that before this one, but anyway, I forgot; next time I will show you. There are two modes of the firewall, okay? So antivirus, some of the security profiles can be enabled from the CLI and some of them can be enabled from the GUI, graphically. Some of them work properly in one mode. These are the modes, okay? Flow mode and proxy mode, which we will discuss in the next lecture. You can convert the firewall to a different mode. So these are the security profiles. Some of them work properly in one mode, some of them work properly in the other mode, and it depends on your deployment.

So that’s why I mentioned GUI, meaning graphically, and CLI, the command line interface, as well. But before applying a security profile, we just purchase, and what we do is register our FortiGate firewall and license it. That’s the way to do it the first time. So when you license it, then you have to register your device with FortiGuard. FortiGuard? These are just the services that provide the license updates; they will check and they will subscribe you to up-to-date signatures. So for that purpose we have to go to FortiGuard. Where can we find FortiGuard? So we just licensed our firewall. So the next step is to go to System, and there is FortiGuard. Click on that one and update your signatures. So now it’s telling me that this one is registered, because I just registered it, and here is Update Licenses & Definitions Now. So the virtual machine related part is the detail of my operating system and virtual machine. Intrusion prevention is the version, which we will discuss a bit later, don’t worry. So these are the signature databases: antivirus definitions and signatures, web filtering signatures and other databases as well. So there are so many things that you need to do; you have to update them. How can you update? There is one way to do it, Update Licenses & Definitions, so it will take some time to bring all the signatures up to date. Okay, or what you can do is Accept push updates. What is Accept push updates? Whenever there is a new update, it will automatically update here, whatever is included, such as IPS, whatever recent update, it will do it automatically. By default it is disabled, but you can enable it. If you click this small "i" it will show you as well. Whenever a new update is released, it will automatically update; if you want, that one is best. Okay, then you can schedule updates. So this one is automatic, this one is schedule based.

You can schedule them every day, on a daily basis, or weekly. With Every, just give it, say, 2 hours to check; it’s up to you. After 2 hours it will check, and if there is any update, it will update all these signatures. A signature is nothing but a pattern. So if any virus or anything is coming, it will check against the pattern database, which we will discuss in detail later in the course.

And it will check, and if it finds anything, it will alert, or it will block, or it will drop, whatever you set, like at an airport. If you have anything which is not allowed, definitely the machine, the scanner, will make a sound. So you can schedule daily as well, 1 a.m. or p.m., whatever you want to set. Weekly, anyway. I just put every 4 hours; it is up to you. Then it says Improve IPS quality. You know, intrusion prevention system. This is if you want to send anything to the FortiGate firewall network. Suppose anything happens. Normally you are helping them, supporting them, so anything goes. So it will go to their signature database. So in this way they will update their signature database. This one is Use extended IPS signature package; if you want more signatures updated, you can enable this one. If you want to help them, just enable this one, otherwise just forget about this one. It’s not important. Then, from where to update the signatures. The ones we just updated are showing here 22 today. You can use US only, or you can use the lowest latency location, the one which is nearest to me, and it will find it automatically because I register my as a Soviet so it will give me the nearest one. If you are in the USA, just click this one to update the signatures.

Okay, now, Filtering. Web cache: they keep the detail, so you can put for how long to keep the cache, and also the email cache. A cache is a small memory which keeps recent details. So whenever somebody is visiting that one, they will take it from there rather than sending you to the actual location. And the services are using HTTPS. You can test the connectivity as well. If you say okay, it will test the connectivity and will show you. It says it’s OK, web filtering. So if it is green it is up; if it is down, it means there is no reachability. And if you want to see the URL evaluation category, you can open it from here, this one. Suppose you ask in which category Facebook falls; just put it in and submit, and it will show you. So, let’s say, Facebook.com is in the category of social networking. In case you say no, it’s the wrong category, you can request a change; you can do that as well. Anyway, so this is the URL. If you want to find out any specific website’s category, you can use this link.

Okay, but I don’t need to, but anyway, here you can go directly; by the way, they give you just a link. Then there is override FortiGate services. What is override FortiGate server? With the normal one, they will download automatically from FortiGuard. And this one: if you have another server as a backup, you can create it and give the detail, either IPv4, or IPv6, or a fully qualified domain name, so it will update the signatures from there as well. It’s up to you, but the default one is okay. So this is called FortiGuard. All your license information will be mentioned in FortiGuard. FortiGuard is nothing, just to show you your up-to-date signature details, to update your signatures, to update your IPS engine and URL categories and all those things. And to show you the license details, they suggest the services. They are also mentioned here. So we call it FortiGuard. Whenever you license your device, then you have to come to FortiGuard and update your signatures. All the details are here; set them and apply. Okay, so FortiGuard is done, push update and all those things we’ve done. Okay, if I missed something, override? Yeah, okay.

35. Lecture-35: FortiGate Firewall Replacement Messages.

We call them replacement messages. After a while I will show you different messages. Like if they block you, they will show you a message. But you can change the banner and you can change the sentence as well, to match your company banner. Maybe you want to put that you are not allowed, that this is a virus scan, or something. You can customize the message and also the banner and also the buttons. So here you can find that. So go to System, and there is Replacement Messages. What are replacement messages? When we start with security profiles and they block me from something, it will show a message from here. Predefined banners. This one is for email collection. This is related to the FortiToken page. The one which we will use most is like the URL block page. If I double click on this one, it will show me like this: FortiGuard Intrusion Prevention, Access Blocked, Web Page Blocked. If you don’t like this one, or you don’t need this logo, you can change it from here. These are in HTML format. It’s like HTML, XHTML, CSS. You can create your own banner like the one which is mentioned here. Web Page Blocked, so I don’t know where this one is.

Let me put something of mine so that I can show you later on. So as better the URL requested has been blocked. This one, and the message is Web Page Blocked. Let me type "test" here. Keep in mind this test; later on I will show you. If for some reason you make a mistake in this banner, what you need to do is click on Restore Default, so it will give you the default one. I just put "test" as extra. You can change the banner, you can change the logo, you can change the message, whatever you want, in HTML. And the one which has the green tick mark means it’s been modified. And the other ones are using the default. So this one is for URL. This one is Application Control, Data Leak Prevention, Virus Block Message. So the virus block message is this one. Let me put something extra here. It’s not showing properly. It’s better to use the other. This one, it will show like this, High Security Alert. So you can change, by the way, the text, you can change the banner, you can put exactly your own one as well. So here is Manage Images. These are the images they are using for the logo. This one, if you don’t need that logo, you can replace it with yours. Just click on that one, by the way. This one. Okay. So we cannot delete them. We can create our own new one, by the way.

So these are the logos which they are using in the banner. You can put your own logo: Create New, give it any name, say "support", and upload your image, whatever you want to use. I don’t have anything right now. If I suppose red head it will upload stub because it requires specific. Okay, if you upload your own one, you can edit, you can delete and you can search here. Let me go back. So these are to manage the images which are used here. These images, by the way, you know, this small logo; in every banner you will see a different one, and here they are also using the same one. So you can manage your own as well. And you can edit this one from here, or double click. These are the names which they are using: this is the banner, this is the description, and the HTML, and something they have mentioned, Simple View or Extended View; it will change them to show in more detail. It’s a good one. Okay, that’s it. So these are the banners. Keep in mind, later on you will see this banner, and then definitely you will ask from where this banner is coming and can we modify it? Can we show our own company logo to our users? So yes, you can do it from Replacement Messages. Definitely you will ask, can I change the message to reflect my company details? So yes, you can do it from here. All these are mentioned here. IQ related network, quartile related security profile. This one is good, Security Profile, which we will do. This one. So this one is application control, antivirus related block messages, file blocking related, override message related, web application related. So this one is good in the extended view rather than using the simple view. Okay.
