Day 10 – Antivirus Configuration
FortiGate Antivirus Capabilities
What is Antivirus Protection
Detects, blocks, and prevents viruses, malware, and malicious software
Why Antivirus is Important
Prevents malware spread, controls inbound and outbound traffic
FortiGate’s Antivirus Role
Signature-based detection, Behavioral-based detection, Heuristic analysis
Antivirus Components
Signature Databases (FortiGuard AV Service)
Regular updates with virus/malware signatures
AI Scan
Detects new or unknown malware using machine learning and pattern recognition
Grayware Scan
Detects unwanted software like adware and spyware
Antivirus Scanning Modes
Flow-Based Inspection
Fast, optimized for performance, scans in real-time without fully unpacking files
Proxy-Based Inspection
Slower but more thorough, fully inspects files and their contents
Proxy-Based Inspection Requirements
Requires more resources (more than 2 GB of RAM)
Advanced AV Features
Virus Outbreak Prevention (VOS)
Proactively prevents new malware outbreaks by analyzing network traffic
External Malware Blocklist
Blocks known malware sources using external blocklist updates
EMS Threat Feed
Fortinet’s real-time threat intelligence feed to protect against emerging threats
Content Disarm and Reconstruction (CDR)
Removes malicious content from files (e.g., removing embedded viruses in documents)
Configuring Protocol Options for AV Inspection
Protocols for Inspection
HTTP/HTTPS, FTP, SMTP/POP3/IMAP, SMB
Configuring Antivirus Profiles
Set up antivirus profiles on the FortiGate firewall, then apply them to policies to scan specific protocols