
Fortinet Configuration Report

Hostname: "FG3600-Internet"

This is example documentation made with AUTODOC. For more information, please visit www.autodoc.ch

FortiGate FG3600

Firmware Version 2.80 build489 build date 051027
Report printed on SCSY-2 at 11/28/05 18:09:22 with autoDOC Version 6.10

Firewall Report for Customer XYZ

1. System Configuration
Fortigate is configured in Route/NAT mode.

202.22.22.1 202.22.22.22 255.255.255.192 port1: pppoe port2: 10.10.10.1 255.255.255.0 port3: 192.168.210.100 255.255.255.0 port4: 192.168.220.100 255.255.255.0 192.168.10.99 255.255.255.0

1.1 Status
| Parameter | Key |
|---|---|
| Host Name | FG3600-Internet |
| Operation Mode | Route/NAT |

1.2 Network
1.2.1 Interface
Name external internal port1 port2 port3 port4 IP - Netmask 202.22.22.22 255.255.255.192 192.168.10.99 255.255.255.0 pppoe 10.10.10.1 255.255.255.0 192.168.210.100 255.255.255.0 192.168.220.100 255.255.255.0 Access ping https ssh ping ping Ping Server 202.11.11.11 80.11.11.11 MTU Log enable enable

Nov 2005


1.2.1.1 Configuration on Interface "port1"

Addressing Mode User Unnumbered IP Initial Disc Timeout Initial PADT Timeout Distance Retrieve default gateway from server Override internal DNS Connect to Server PPPoE user@testisp.ch 1 1 20 enable enable

1.2.2 DNS
| DNS Server | IP |
|---|---|
| Primary | 195.186.1.121 |
| Secondary | 195.186.4.121 |

1.3 DHCP
1.3.1 Service
| Interface | Service |
|---|---|
| external | NONE |
| internal | DHCP Server |
| port1 | NONE |
| port2 | NONE |
| port3 | NONE |
| port4 | NONE |

Name Domain Default Gateway IP Range / Network Mask Lease Time DNS Server WINS Server Options "internal_dhcp_server" 192.168.10.99 192.168.10.210-192.168.10.220 / 255.255.255.0 7 days, 0 hours, 0 minutes 192.168.10.99

1.4 Config
1.4.1 Time
Timezone: (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Adjust for Daylight Saving Changes: enable
Set Time: Synchronize with NTP Server
NTP Server: 132.246.168.148
Syn Interval: 60 min


1.4.2 Options
| Parameter | Key |
|---|---|
| Idle Timeout | 20 |
| Auth Timeout | 30 |
| Web Administration - Language | english |
| LCD Panel | enable (XXXXXX) |
| Dead Gateway Detection | Detection Interval: 5 (seconds); Fail-over Detection: 5 (lost consecutive pings) |


1.4.3 Replacement Messages


Mail
virus message: "Dangerous Attachment has been Removed. The file \"%%FILE%%\" has been removed because of a virus. It was infected with the \"%%VIRUS%%\" virus. File quarantined as: \"%%QUARFILENAME%%\"."
file block message: "Potentially Dangerous Attachment Removed. The file \"%%FILE%%\" has been blocked. File quarantined as: \"%%QUARFILENAME%%\"."
oversized file message: "This email has been blocked. The email message is larger than the configured file size limit."
fragmented email: "Fragmented emails are blocked."
virus message (splice mode): "The file %%FILE%% has been infected with the virus %%VIRUS%% File quarantined as %%QUARFILENAME%%"
file block message (splice mode): "The file %%FILE%% has been blocked. File quarantined as: %%QUARFILENAME%%"
oversized file message (splice mode): "This message is larger than the configured limit and has been blocked."

HTTP
virus message: "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to download the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\". </p><p>URL = http://%%URL%%</p><p>File quarantined as: %%QUARFILENAME%%.</p></BODY></HTML>"
file block message: "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to download the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY> </HTML>"
oversized file message: "<HTML><BODY> <h2>Attention!!!</h2><p>The file \"%%FILE%%\" has been blocked. The file is larger than the configured file size limit.</p> <p>URL = http://%%URL%%</p> </BODY></HTML>"
banned word message: "<HTML><BODY>The page you requested has been blocked because it contains a banned word. URL = http://%%URL%%</BODY></HTML>"
URL block message: "<HTML><BODY>The URL you requested has been blocked. URL = %%URL%%</BODY></HTML>"
client block: "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to upload the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY> </HTML>"
client anti-virus: "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to upload the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\". </p><p>URL = http://%%URL%%</p><p>File quarantined as: %%QUARFILENAME%%.</p></BODY></HTML>"
client filesize: "<HTML><BODY> <h2>Attention!!!</h2><p>Your request has been blocked. The request is larger than the configured file size limit.</p> <p>URL = http://%%URL%%</p> </BODY></HTML>"
client banned word: "<HTML><BODY>The page you uploaded has been blocked because it contains a banned word. URL = http://%%URL%%</BODY></HTML>"

FTP
virus message: "Transfer failed. The file %%FILE%% is infected with the virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%."
blocked message: "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"."
oversized message: "File size limit exceeded."

Alert Mail
test message:
virus message: "Virus/Worm detected: %%VIRUS%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% "
block message: "File Block Detected: %%FILE%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% "
intrusion message: "The following intrusion was observed: %%NIDS_EVENT%%."
critical event message: "The following critical firewall event was detected: %%CRITICAL_EVENT%%."
disk full message: "The log disk is Full."


Spam
Email IP: "Mail from this IP address is not allowed and has been blocked."
RBL/ORDBL message: "This message has been blocked because it is from a RBL/ORDBL IP address."
HELO/EHLO domain: "This message has been blocked because the HELO/EHLO domain is invalid"
Email address: "Mail from this email address is not allowed and has been blocked."
Mime header: "This message has been blocked because it contains an invalid header."
Returned email domain: "This message has been blocked because the return email domain is invalid."
Banned word: "This message has been blocked because it contains a banned word."
FortiShield URL block:

Category Block
URL block message: "<html><head><title>Webfilter Violation</title></head><body><font size=2><table width=\"100%\"><tr><td>%%FORTINET%%</td></tr><tr><td bgcolor=#ff6600 align=\"center\"><font color=#ffffff><b>Web Page Blocked</b></font></td></tr></table><br><br>You have tried to access a web page which is in violation of your internet usage policy.<br><br>URL:&nbsp;%%URL%%<br>Category:&nbsp;%%CATEGORY%%<br><br>To have the rating of this web page re-evaluated please contact your administrator.<br><br><hr><br>Powered by %%SERVICE%%.</font></body></html>"
HTTP error message: "<html><head><title>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</title></head><body><font size=2><table width=\"100%\"><tr><td>%%FORTIGUARD%%</td><td align=\"right\">%%FORTINET%%</td></tr><tr><td bgcolor=#3300cc align=\"center\" colspan=2><font color=#ffffff><b>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</b></font></td></tr></table><br><br>The webserver for %%URL%% reported that an error occurred while trying to access the website. Please click <u><a onclick=\"history.back()\">here</a></u> to return to the previous page.<br><br><hr><br>Powered by %%SERVICE%%.</font></body></html>"

1.5 Admin
1.5.1 Administrators
Administrator admin monitor Permission prof_admin read Trusted Host #1 192.168.10.0 255.255.255.0 Trusted Host #2 Trusted Host #3

1.5.2 Access Profile


"prof_admin"

| Access Control | Read | Write |
|---|---|---|
| System Configuration | yes | yes |
| Log & Report | yes | yes |
| Security Policy | yes | yes |
| Auth Users | yes | yes |
| Admin Users | yes | yes |
| FortiProtect Update | yes | yes |
| System Shutdown | yes | yes |

"read"

| Access Control | Read | Write |
|---|---|---|
| System Configuration | yes | |
| Log & Report | yes | |
| Security Policy | yes | |
| Auth Users | yes | |
| Admin Users | yes | |
| FortiProtect Update | yes | |
| System Shutdown | yes | |


1.6 Update Center


| Parameter | Key |
|---|---|
| Use override Server Address | No |
| Allow Push Update | Yes |
| Scheduled Update | Yes - every - 1:15 |

2. Router
2.1 Static Routes
| # | Destination IP / Mask | Gateway | Device | Distance |
|---|---|---|---|---|
| 1 | 0.0.0.0 0.0.0.0 | 202.22.22.1 | external | 10 |
| 2 | 10.10.11.0 255.255.255.0 | 10.10.10.250 | port2 | 10 |
| 3 | 10.10.12.0 255.255.255.0 | 10.10.10.111 | port2 | 10 |

2.2 RIP
2.2.1 General
| Parameter | Value |
|---|---|
| RIP Version | 1 |
| Default Metric | 1 |
| Default-information-originate | disable |
| RIP Timers | Update 30 (seconds); Timeout 180 (seconds); Garbage 120 (seconds) |
| Redistribute | Connected disabled; Static disabled |


3. Firewall
3.1 Policy Overview
3.1.1 external -> port2
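| ID | Source | Destination | Schedule | Service | Action | NAT | Anti-Virus | Log | Status |
|---|---|---|---|---|---|---|---|---|---|
| 11 | pptp-range | DMZ_All | always | ANY | accept | | | enable | enable |
| 8 | all | VIP_WebServer | always | http | accept | | strict | | enable |
| 9 | all | VIP_SMTP_Server | always | smtp | accept | | strict | | enable |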

3.1.2 internal -> external


| ID | Source | Destination | Schedule | Service | Action | NAT | Anti-Virus | Log | Status |
|---|---|---|---|---|---|---|---|---|---|
| 14 | Internal_Net | FG60_2_LAN | always | ANY | encrypt | | scan | | enable |
| 15 | Internal_Net | MUVPN-1 | always | RDP | encrypt | | | | enable |
| 16 | Internal_Net | MUVPN-2 | always | ANY | encrypt | | scan | | enable |
| 7 | all | all | always | DNS | accept | enable | | | enable |
| 13 | Internal_Net | all | Operational Hours | InternetService | accept | enable | scan | enable | enable |

3.1.3 internal -> port1


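| ID | Source | Destination | Schedule | Service | Action | NAT | Anti-Virus | Log | Status |
|---|---|---|---|---|---|---|---|---|---|
| 12 | all | all | always | DNS | accept | enable | | | enable |
| 4 | Internal_Net | all | Operational Hours | InternetService | accept | enable | | enable | enable |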

3.1.4 internal -> port2


| ID | Source | Destination | Schedule | Service | Action | NAT | Anti-Virus | Log | Status |
|---|---|---|---|---|---|---|---|---|---|
| 10 | Internal_Net | DMZ_All | always | ANY | accept | | scan | | enable |

3.1.5 port2 -> external


| ID | Source | Destination | Schedule | Service | Action | NAT | Anti-Virus | Log | Status |
|---|---|---|---|---|---|---|---|---|---|
| 17 | DMZ_All | all | always | ANY | accept | enable | scan | enable | enable |

3.2 Policy Detail


3.2.1 external -> port2


ID 11 Source Destination Schedule Service Action Protection Profile Log Authentication ID 8 Source Destination Schedule Service Action Protection Profile Log ID 9 Source Destination Schedule Service Action Protection Profile Log pptp-range DMZ_All always ANY accept enable enable Range 192.168.10.110 - 192.168.10.112 Address Group: "DMZ_net" "DMZ_11" "DMZ_12" Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday Predefined Service Not activated Usergroups: "admin-group"

all VIP_WebServer always http accept strict disable

Subnet 0.0.0.0 0.0.0.0 Port Forwarding (VIP): external/202.22.22.35 (tcp/80) -> 10.10.10.10 (tcp/80) Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday Predefined Service

all VIP_SMTP_Server always smtp accept strict disable

Subnet 0.0.0.0 0.0.0.0 Port Forwarding (VIP): external/202.22.22.34 (tcp/25) -> 10.10.10.11 (tcp/25) Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday Predefined Service


3.2.2 internal -> external


ID 14 Source Destination Schedule Service Action VPN Tunnel Protection Profile Log ID 15 Source Destination Schedule Service Action VPN Tunnel Protection Profile Log ID 16 Source Destination Schedule Service Action VPN Tunnel Protection Profile Log ID 7 Source Destination Schedule Service Action NAT Protection Profile Log ID 13 Source Destination Schedule Service Action NAT Protection Profile Log Internal_Net FG60_2_LAN always ANY encrypt Tu-Geneve scan disable Subnet 192.168.10.0 255.255.255.0 Subnet 192.168.20.0 255.255.255.0 Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday Predefined Service Allow inbound Allow outbound;

Internal_Net MUVPN-1 always RDP encrypt Mobile-T1 disable

Subnet 192.168.10.0 255.255.255.0 IP 192.168.10.240 Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday Custom Service: TCP / 1-65535:3389-3389 Allow inbound Allow outbound; Not activated

Internal_Net MUVPN-2 always ANY encrypt Mobile-T2 scan disable

Subnet 192.168.10.0 255.255.255.0 IP 192.168.10.241 Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday Predefined Service Allow inbound Allow outbound;

all all always DNS accept enable disable

Subnet 0.0.0.0 0.0.0.0 Subnet 0.0.0.0 0.0.0.0 Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday Predefined Service Dynamic IP Pool: disabled; Fixed Port: disabled Not activated

Internal_Net all Operational Hours InternetService accept enable scan enable

Subnet 192.168.10.0 255.255.255.0 Subnet 0.0.0.0 0.0.0.0 Recurring Schedule: monday tuesday wednesday thursday friday 08:30 18:00 Service Group: "FTP" "HTTP" "HTTPS" "NNTP" "POP3" Dynamic IP Pool: disabled; Fixed Port: disabled


3.2.3 internal -> port1


ID 12 Source Destination Schedule Service Action NAT Protection Profile Log ID 4 Source Destination Schedule Service Action NAT Protection Profile Log Authentication all all always DNS accept enable disable Subnet 0.0.0.0 0.0.0.0 Subnet 0.0.0.0 0.0.0.0 Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday Predefined Service Dynamic IP Pool: disabled; Fixed Port: disabled Not activated

Internal_Net all Operational Hours InternetService accept enable enable enable

Subnet 192.168.10.0 255.255.255.0 Subnet 0.0.0.0 0.0.0.0 Recurring Schedule: monday tuesday wednesday thursday friday 08:30 18:00 Service Group: "FTP" "HTTP" "HTTPS" "NNTP" "POP3" Dynamic IP Pool: disabled; Fixed Port: disabled Not activated Usergroups: "admin-group" "user-group"

3.2.4 internal -> port2


ID 10 Source Destination Schedule Service Action Protection Profile Log Internal_Net DMZ_All always ANY accept scan disable Subnet 192.168.10.0 255.255.255.0 Address Group: "DMZ_net" "DMZ_11" "DMZ_12" Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday Predefined Service

3.2.5 port2 -> external


ID 17 Source Destination Schedule Service Action NAT Protection Profile Log DMZ_All all always ANY accept enable scan enable Address Group: "DMZ_net" "DMZ_11" "DMZ_12" Subnet 0.0.0.0 0.0.0.0 Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday Predefined Service Dynamic IP Pool: disabled; Fixed Port: disabled


3.3 Addresses & Groups


3.3.1 Address
| Address Name | Type | IP |
|---|---|---|
| all | Subnet | 0.0.0.0 0.0.0.0 |
| DMZ_11 | Subnet | 10.10.11.0 255.255.255.0 |
| DMZ_12 | Subnet | 10.10.12.0 255.255.255.0 |
| DMZ_net | Subnet | 10.10.10.0 255.255.255.0 |
| FG60_2_LAN | Subnet | 192.168.20.0 255.255.255.0 |
| Internal_Net | Subnet | 192.168.10.0 255.255.255.0 |
| MUVPN-1 | IP | 192.168.10.240 |
| MUVPN-2 | IP | 192.168.10.241 |
| pptp-range | Range | 192.168.10.110 - 192.168.10.112 |

3.3.2 Address-Groups
| Group Name | Member |
|---|---|
| DMZ_All | "DMZ_net" "DMZ_11" "DMZ_12" |

3.4 Services
3.4.1 Custom Services
| Service Name | Detail |
|---|---|
| ICA | TCP / 1-65535 : 1494-1494 |
| Radius-1 | UDP / 1-65535 : 1645-1645 |
| Radius-2 | UDP / 1-65535 : 1812-1812 |
| RDP | TCP / 1-65535 : 3389-3389 |

3.4.2 Service Group


| Group Name | Members |
|---|---|
| InternetService | "FTP" "HTTP" "HTTPS" "NNTP" "POP3" |
| Radius-Services | "Radius-1" "Radius-2" |

3.5 Schedule
3.5.1 Recurring Schedules
| Name | Day | Start | Stop |
|---|---|---|---|
| always | sunday monday tuesday wednesday thursday friday saturday | 00:00 | 00:00 |
| Operational Hours | monday tuesday wednesday thursday friday | 08:30 | 18:00 |

3.6 Virtual IP
| Name | Type | IP | Service Port | Map to IP | Map to Port |
|---|---|---|---|---|---|
| VIP_SMTP_Server | Port Forwarding | external / 202.22.22.34 | tcp / 25 | 10.10.10.11 | tcp / 25 |
| VIP_WebServer | Port Forwarding | external / 202.22.22.35 | tcp / 80 | 10.10.10.10 | tcp / 80 |


3.7 Protection Profile


3.7.1 "scan"
Anti-Virus Splice Virus Scan File Block Pass Fragmented Emails Buffer to Disk Oversized File/Email Add signature to outgoing emails Web Filtering Web Content Block Web URL Block Web Exempt List Web Script Filter Web Resume Download Block Web Category Filtering Enable category block Block unrated websites Details for blocked HTTP 4xx and 5xx errors Rate images by URL Allow websites when a rating error occurs Spam Filtering IP address FortiGuard - AntiSpam check URL FortiGuard - AntiSpam check IP address BWL check RBL & ORDBL check HELO DNS lookup E-mail address BWL check Return e-mail DNS check MIME headers check Banned word check Spam Action Append to: Append with: IPS IPS Signature IPS Anomaly Content/Archive Log Display content meta-information on dashboard Archive content meta-information to FortiLog Value HTTP enable FTP enable enable IMAP enable POP3 enable SMTP enable enable

block disable HTTP

block

pass

pass

pass

HTTP

IMAP

POP3

SMTP

tag subject Spam

tag subject Spam

tag MIME Spam:

HTTP enable

FTP enable

IMAP enable

POP3 enable

SMTP enable


3.7.2 "strict"
Anti-Virus Splice Virus Scan File Block Pass Fragmented Emails Buffer to Disk Oversized File/Email Add signature to outgoing emails Web Filtering Web Content Block Web URL Block Web Exempt List Web Script Filter Web Resume Download Block Web Category Filtering Enable category block Block unrated websites Details for blocked HTTP 4xx and 5xx errors Rate images by URL Allow websites when a rating error occurs Spam Filtering IP address FortiGuard - AntiSpam check URL FortiGuard - AntiSpam check IP address BWL check RBL & ORDBL check HELO DNS lookup E-mail address BWL check Return e-mail DNS check MIME headers check Banned word check Spam Action Append to: Append with: IPS IPS Signature IPS Anomaly Content/Archive Log Display content meta-information on dashboard Archive content meta-information to FortiLog Value enable HTTP enable FTP enable IMAP enable POP3 enable SMTP enable HTTP enable enable block disable HTTP enable enable enable enable FTP enable enable enable block IMAP enable enable block POP3 enable enable block SMTP enable enable enable block

HTTP enable enable enable enable enable IMAP POP3 SMTP

enable enable enable enable tag subject Spam

enable enable enable enable tag MIME Spam: abc

enable enable enable enable enable enable enable discard


4. User
4.1 Local User
| User Name | Type | Status |
|---|---|---|
| admin-user | Local | |
| user | Local | |

4.2 Radius
| Name | Server Name/IP |
|---|---|
| OTP_Server | 192.168.10.54 |

4.3 LDAP
| Name | Server Name/IP | Port | Common Name Identifier | Distinguished Name |
|---|---|---|---|---|
| intern_LDAP | 192.168.10.55 | 389 | cn | |

4.4 User Group


Group Name admin-group user-group Members "admin-user" "OTP_Server" "intern_LDAP" Protection Profile scan strict


5. VPN
5.1 IPSec
5.1.1 Phase 1
Gateway Name Branch_Geneve Remote Gateway Static/30.30.30.30
P1 Proposal XAuth Nat-traversal Keepalive Frequency Dead Peer Detection

Mode main
DH Group Keylife disable enable enable

Encr./Auth. Algorithm 3des-sha1


5 28800

Peer Options Accept any peer ID

Mobile-U1

Dialup
P1 Proposal XAuth Nat-traversal Keepalive Frequency Dead Peer Detection

aggressive
DH Group Keylife Enable as Server Usergroup: enable enable

aes256-sha1
5 28800 mixed "user-group"

Accept this peer ID: "user-1"

Mobile-U2

Dialup
P1 Proposal XAuth Nat-traversal Keepalive Frequency Dead Peer Detection

aggressive
DH Group Keylife Enable as Server Usergroup: enable enable

aes192-sha1
5 28800 mixed "user-group"

Accept this peer ID: "user-2"

5.1.2 Phase 2
Tunnel Name Mobile-T1 Remote Gateway "Mobile-U1" Encr./Auth. Algorithm aes256-sha1
enable enable 1800 (Seconds) disable None Use selectors from policy DH group: 5

Concentrator

Enable replay detection Enable perfect forward secrecy(PFS) Keylife Autokey Keep Alive Internet browsing Quick Mode Identities

Mobile-T2

"Mobile-U2"

aes256-sha1 aes192-sha1 3des-md5


enable enable 1800 (Seconds) disable None Use selectors from policy DH group: 5

Enable replay detection Enable perfect forward secrecy(PFS) Keylife Autokey Keep Alive Internet browsing Quick Mode Identities

Tu-Geneve

"Branch_Geneve"

aes192-sha1 3des-sha1
enable enable 1800 (Seconds) disable None Use selectors from policy DH group: 5

Enable replay detection Enable perfect forward secrecy(PFS) Keylife Autokey Keep Alive Internet browsing Quick Mode Identities

5.2 PPTP
Status: Enable
Starting IP: 192.168.10.110
Ending IP: 192.168.10.112
User Group: admin-group


5.3 L2TP
Status: Disable
Starting IP:
Ending IP:
User Group:


6. Anti-Virus
6.1 File Block
Pattern *.bat *.com *.dll *.doc *.exe *.gz *.hta *.pif *.ppt *.rar *.scr *.tar *.tgz *.vb? *.wps *.xl? *.zip HTTP enable enable enable enable enable enable enable enable enable enable enable enable enable enable FTP enable enable enable enable enable enable enable enable enable enable enable enable enable enable IMAP enable enable enable enable enable enable enable enable enable enable enable enable enable enable POP3 enable enable enable enable enable enable enable enable enable enable enable enable enable enable SMTP enable enable enable enable enable enable enable enable enable enable enable enable enable enable

6.2 Config
6.2.1 Oversize Threshold Configuration
| Protocol | max. filesize to scan | max. uncompressed size to scan | Ports |
|---|---|---|---|
| HTTP | 25 MBs | 25 MBs | 80 |
| FTP | 25 MBs | 25 MBs | 21 |
| IMAP | 25 MBs | 25 MBs | 143 |
| POP3 | 25 MBs | 25 MBs | 110 |
| SMTP | 25 MBs | 25 MBs | 25 |

6.2.2 Grayware
| Category | Status |
|---|---|
| Adware | enable |
| BHO | enable |
| Dial | enable |
| Download | enable |
| Game | enable |
| HackerTool | enable |
| Hijacker | enable |
| Joke | enable |
| Keylog | enable |
| Misc | enable |
| NMT | enable |
| P2P | enable |
| Plugin | enable |
| RAT | enable |
| Spy | enable |
| Toolbar | enable |


7. Web Filter
7.1 Category Block Configuration
Options FortiGuard Service Cache Status enable

7.2 Script Filter


Filtering Options Java Applet Cookie ActiveX Status enable enable


8. Log & Report


8.1 Log Setting
Syslog: disabled
WebTrends: disabled
Disk: enabled
Maximum size of log file: 100 MB
Roll log time: 0:0:0 (hh:mm:ss)
Roll Log Frequency: 24 hour
Roll log day: sunday
Roll log policy: overwrite
Level: information
Upload When Rolling: disabled
Memory: disabled
Fortilog: enabled
Name/IP: 194.191.86.36
Level: information
Encrypt:
Local ID:


8.2 Log Filter


Syslog Traffic Log Policy allowed traffic Policy violation traffic Event Log System Activity event IPSec negotiation event DHCP service event L2TP/PPTP/PPPoE service event Admin event HA activity event Firewall authentication event Pattern update event Anti-virus Log Virus infected Filename blocked File oversized Web Filter Log Content block URL block URL exempt Blocked category ratings Monitored category ratings Category rating errors Attack Log Attack Signature Attack Anomaly Spam Filter Log SMTP POP3 IMAP enable enable enable WebTrends Disk enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable Memory Fortilog enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable enable Alert E-mail
