Fortinet black logo

Administration Guide

Home FortiProxy 7.2.0 Administration Guide
7.2.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.0
7.0.17
7.0.0
2.0.0
1.2.0
1.1.0
1.0.0

Feature Visibility

Feature Visibility

Various FortiProxy features can be enabled or disabled as required. Disable features are not shown in the GUI.

Go to System > Feature Visibility to configure which features are available.

The following options can be turned on or off by toggling the sliders:

IPv6

Allows you to configure the following IPv6 features from the GUI: network interface addresses, trusted hosts for administration, static routes, policy routes, security policies, and firewall addresses.

VPN

Creates secure communication channels between networks and allows remote users to safely connect to secure private networks using SSL-VPN, IPsec VPN, and FortiClient. Adds the VPN > IPsec Tunnels and VPN > SSL-VPN Settings menus.

Allow Unnamed Policies

Relaxes the requirement for every policy to have a name when created in GUI.

Certificates

Controls the visibility of the System > Certificates menu.

Allows you to change the certificates used for SSL inspection, SSL load balancing, SSL-VPN, IPsec VPN, and authentication. If Certificates is not enabled, default FortiProxy certificates are used.

ICAP

Controls the visibility of the Content Analyses > ICAP Profile, Content Analyses > ICAP Remote Servers, and Content Analyses > ICAP Local Servers pages.

Allows you to offload services to an external server. These services can include: ad insertion, virus scanning, content and language translation, HTTP header or URL manipulation, and content filtering. You can also use this feature to set up profiles and add them to security policies.

Local Reports

Controls whether you cna view PDF security reports in the GUI.

Implicit Firewall Policies

Firewall policy lists end with an implicit policy that denies all traffic. Enable this feature to see these policies on firewall policy lists in the GUI. You can edit an implicit policy and enable logging to record log messages when the implicit policy denies a session.

Multiple Interface Policies

Allows the configuration of policies with multiple source/destination interfaces.

Multiple Security Profiles

Allows you to create more than one antivirus profile, web filter profile, application sensor, IPS sensor, antispam profile, DLP sensor, VoIP profile (if enabled), and ICAP profile (if enabled). You can also select the individual UTM profiles in security policies. Enable multiple UTM profiles if you need different levels of UTM protection for different traffic streams.

Policy-based IPsec VPN

Configures policy-based IPsec tunnels. When enabled, an option is added when creating phase 1 IPsec tunnels to determine if they are interface based or policy based. There will also be an option added under Policy & Objects > Policy to select IPsec as a subtype for VPN policies, and an option to select the IPsec tunnel to use.

SSL-VPN Personal Bookmark

Allows you to view personal bookmarks added by SSL-VPN users to their portal pages. Adds the VPN > SSL-VPN Personal Bookmarks menu. Also allows you to delete usersʼ personal bookmarks.

SSL-VPN Realms

Allows you to create customized realms for different SSL-VPN users and groups. Adds the VPN > SSL-VPN Realms menu. Allows you to associate realms with users and groups in the Authentication/Portal Mapping table under VPN > SSL-VPN Settings.

Traffic Shaping

Allows you to configure policies to define how specific types of traffic are shaped by the FortiProxy unit.

Anti-Spam Filter

Controls the visibility of the Security Profiles > Anti-Spam menu.

Allows you to detect and filter spam. Set up anti-spam profiles (under Security Profiles > Anti-Spam) and add them to firewall policies. Some features require a subscription to FortiGuard Anti-Spam.

AntiVirus

Controls the visibility of the Security Profiles > AntiVirus menu.

Allows you to remove viruses, analyze suspicious files with FortiSandbox, and apply botnet protection to network traffic. Set up antivirus profiles (Security Profiles > AntiVirus) and add them to firewall policies. This feature requires a subscription to FortiGuard AntiVirus.

Application Control

Controls the visibility of the Security Profiles > Application Control menu.

Allows you to visualize and control the applications on your network. Set up application sensors (under Security Profiles > Application Control) and add them to firewall policies. This feature requires a subscription to Application Control Signatures.

DLP

Controls the visibility of the Security Profiles > Data Leak Prevention menu.

Allows you to prevent sensitive data, like credit card and social security numbers, from leaving or entering your network. Set up DLP sensors (under Security Profiles > Data Leak Prevention) and add them to firewall policies.

DNS Filter

Controls the visibility of the Security Profiles > DNS Filter menu.

Allows you to apply DNS category filtering, URL filtering to control a userʼs access to web resources. Set up DNS filter profiles (under Security Profiles > DNS Filter) and add them to firewall policies or add them to a DNS server on a FortiProxy interface. Some features require a subscription to FortiGuard Web Filtering.

Intrusion Prevention

Controls the visibility of the Security Profiles > Intrusion Prevention menu.

Allows you to detect and block network-based attacks. You can set up IPS sensors (under Security Profiles > Intrusion Prevention) and add them to security policies. This feature requires a subscription to FortiGuard IPS.

Web Filter

Controls the visibility of the Security Profiles > Web Filter menu.

Allows you to apply web category filtering, URL filtering, and content filtering to control user's access to web resources. You can set up web filter profiles (Security Profiles > Web Filter) and add them to firewall policies. Some features require a subscription to FortiGuard Web Filtering.

Previous
Next

Feature Visibility

Various FortiProxy features can be enabled or disabled as required. Disable features are not shown in the GUI.

Go to System > Feature Visibility to configure which features are available.

The following options can be turned on or off by toggling the sliders:

IPv6

Allows you to configure the following IPv6 features from the GUI: network interface addresses, trusted hosts for administration, static routes, policy routes, security policies, and firewall addresses.

VPN

Creates secure communication channels between networks and allows remote users to safely connect to secure private networks using SSL-VPN, IPsec VPN, and FortiClient. Adds the VPN > IPsec Tunnels and VPN > SSL-VPN Settings menus.

Allow Unnamed Policies

Relaxes the requirement for every policy to have a name when created in GUI.

Certificates

Controls the visibility of the System > Certificates menu.

Allows you to change the certificates used for SSL inspection, SSL load balancing, SSL-VPN, IPsec VPN, and authentication. If Certificates is not enabled, default FortiProxy certificates are used.

ICAP

Controls the visibility of the Content Analyses > ICAP Profile, Content Analyses > ICAP Remote Servers, and Content Analyses > ICAP Local Servers pages.

Allows you to offload services to an external server. These services can include: ad insertion, virus scanning, content and language translation, HTTP header or URL manipulation, and content filtering. You can also use this feature to set up profiles and add them to security policies.

Local Reports

Controls whether you cna view PDF security reports in the GUI.

Implicit Firewall Policies

Firewall policy lists end with an implicit policy that denies all traffic. Enable this feature to see these policies on firewall policy lists in the GUI. You can edit an implicit policy and enable logging to record log messages when the implicit policy denies a session.

Multiple Interface Policies

Allows the configuration of policies with multiple source/destination interfaces.

Multiple Security Profiles

Allows you to create more than one antivirus profile, web filter profile, application sensor, IPS sensor, antispam profile, DLP sensor, VoIP profile (if enabled), and ICAP profile (if enabled). You can also select the individual UTM profiles in security policies. Enable multiple UTM profiles if you need different levels of UTM protection for different traffic streams.

Policy-based IPsec VPN

Configures policy-based IPsec tunnels. When enabled, an option is added when creating phase 1 IPsec tunnels to determine if they are interface based or policy based. There will also be an option added under Policy & Objects > Policy to select IPsec as a subtype for VPN policies, and an option to select the IPsec tunnel to use.

SSL-VPN Personal Bookmark

Allows you to view personal bookmarks added by SSL-VPN users to their portal pages. Adds the VPN > SSL-VPN Personal Bookmarks menu. Also allows you to delete usersʼ personal bookmarks.

SSL-VPN Realms

Allows you to create customized realms for different SSL-VPN users and groups. Adds the VPN > SSL-VPN Realms menu. Allows you to associate realms with users and groups in the Authentication/Portal Mapping table under VPN > SSL-VPN Settings.

Traffic Shaping

Allows you to configure policies to define how specific types of traffic are shaped by the FortiProxy unit.

Anti-Spam Filter

Controls the visibility of the Security Profiles > Anti-Spam menu.

Allows you to detect and filter spam. Set up anti-spam profiles (under Security Profiles > Anti-Spam) and add them to firewall policies. Some features require a subscription to FortiGuard Anti-Spam.

AntiVirus

Controls the visibility of the Security Profiles > AntiVirus menu.

Allows you to remove viruses, analyze suspicious files with FortiSandbox, and apply botnet protection to network traffic. Set up antivirus profiles (Security Profiles > AntiVirus) and add them to firewall policies. This feature requires a subscription to FortiGuard AntiVirus.

Application Control

Controls the visibility of the Security Profiles > Application Control menu.

Allows you to visualize and control the applications on your network. Set up application sensors (under Security Profiles > Application Control) and add them to firewall policies. This feature requires a subscription to Application Control Signatures.

DLP

Controls the visibility of the Security Profiles > Data Leak Prevention menu.

Allows you to prevent sensitive data, like credit card and social security numbers, from leaving or entering your network. Set up DLP sensors (under Security Profiles > Data Leak Prevention) and add them to firewall policies.

DNS Filter

Controls the visibility of the Security Profiles > DNS Filter menu.

Allows you to apply DNS category filtering, URL filtering to control a userʼs access to web resources. Set up DNS filter profiles (under Security Profiles > DNS Filter) and add them to firewall policies or add them to a DNS server on a FortiProxy interface. Some features require a subscription to FortiGuard Web Filtering.

Intrusion Prevention

Controls the visibility of the Security Profiles > Intrusion Prevention menu.

Allows you to detect and block network-based attacks. You can set up IPS sensors (under Security Profiles > Intrusion Prevention) and add them to security policies. This feature requires a subscription to FortiGuard IPS.

Web Filter

Controls the visibility of the Security Profiles > Web Filter menu.

Allows you to apply web category filtering, URL filtering, and content filtering to control user's access to web resources. You can set up web filter profiles (Security Profiles > Web Filter) and add them to firewall policies. Some features require a subscription to FortiGuard Web Filtering.

Previous
Next