Fortinet Configuration Report: Hostname: "FG3600-Internet"
This is example documentation generated with AUTODOC. For more information please visit www.autodoc.ch
FortiGate FG3600
Firmware Version 2.80 build489 build date 051027 Report printed on SCSY-2 at 11/28/05 18:09:22 with autoDOC Version 6.10
1. System Configuration
The FortiGate is configured in Route/NAT mode.
[Network diagram: upstream gateway 202.22.22.1; external 202.22.22.22 255.255.255.192; port1 pppoe; port2 10.10.10.1 255.255.255.0; port3 192.168.210.100 255.255.255.0; port4 192.168.220.100 255.255.255.0; internal 192.168.10.99 255.255.255.0]
1.1 Status
Parameter        Key
Host Name        FG3600-Internet
Operation Mode   Route/NAT
1.2 Network
1.2.1 Interface
Name      IP - Netmask
external  202.22.22.22 255.255.255.192
internal  192.168.10.99 255.255.255.0
port1     pppoe
port2     10.10.10.1 255.255.255.0
port3     192.168.210.100 255.255.255.0
port4     192.168.220.100 255.255.255.0
Access: ping https ssh ping ping
Ping Server: 202.11.11.11 80.11.11.11
MTU:
Log: enable enable
Nov 2005
Page: 1
1.2.2 DNS
DNS Server  IP
Primary     195.186.1.121
Secondary   195.186.4.121
1.3 DHCP
1.3.1 Service
Interface  Service
external   NONE
internal   DHCP Server

Name: "internal_dhcp_server"
Domain:
Default Gateway: 192.168.10.99
IP Range / Network Mask: 192.168.10.210-192.168.10.220 / 255.255.255.0
Lease Time: 7 days, 0 hours, 0 minutes
DNS Server: 192.168.10.99
WINS Server:
Options:
1.4 Config
1.4.1 Time
Timezone: (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Adjust for Daylight Saving Changes: enable
1.4.2 Options
Parameter                      Key
Idle Timeout                   20
Auth Timeout                   30
Web Administration - Language  english
LCD Panel                      enable (XXXXXX)
Dead Gateway Detection         Detection Interval: 5 (seconds); Fail-over Detection: 5 (lost consecutive pings)
HTTP
virus message: "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to download the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\". </p><p>URL = http://%%URL%%</p><p>File quarantined as: %%QUARFILENAME%%.</p></BODY></HTML>"
file block message: "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to download the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY> </HTML>"
oversized file message: "<HTML><BODY> <h2>Attention!!!</h2><p>The file \"%%FILE%%\" has been blocked. The file is larger than the configured file size limit.</p> <p>URL = http://%%URL%%</p> </BODY></HTML>"
banned word message: "<HTML><BODY>The page you requested has been blocked because it contains a banned word. URL = http://%%URL%%</BODY></HTML>"
URL block message: "<HTML><BODY>The URL you requested has been blocked. URL = %%URL%%</BODY></HTML>"
client block: "<HTML> <BODY> <h2>High security alert!!!</h2> <p>You are not permitted to upload the file \"%%FILE%%\".</p> <p>URL = http://%%URL%%</p> </BODY> </HTML>"
client anti-virus: "<HTML><BODY><h2>High security alert!!!</h2><p>You are not permitted to upload the file \"%%FILE%%\" because it is infected with the virus \"%%VIRUS%%\". </p><p>URL = http://%%URL%%</p><p>File quarantined as: %%QUARFILENAME%%.</p></BODY></HTML>"
client oversized file message: "<HTML><BODY> <h2>Attention!!!</h2><p>Your request has been blocked. The request is larger than the configured file size limit.</p> <p>URL = http://%%URL%%</p> </BODY></HTML>"
client banned word message: "<HTML><BODY>The page you uploaded has been blocked because it contains a banned word. URL = http://%%URL%%</BODY></HTML>"
FTP
virus message: "Transfer failed. The file %%FILE%% is infected with the virus %%VIRUS%%. File quarantined as %%QUARFILENAME%%."
blocked message: "Transfer failed. You are not permitted to transfer the file \"%%FILE%%\"."
oversized message: "File size limit exceeded."

Alert Mail
test message:
virus message: "Virus/Worm detected: %%VIRUS%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% "
block message: "File Block Detected: %%FILE%% Protocol: %%PROTOCOL%% Source IP: %%SOURCE_IP%% Destination IP: %%DEST_IP%% Email Address From: %%EMAIL_FROM%% Email Address To: %%EMAIL_TO%% "
intrusion message: "The following intrusion was observed: %%NIDS_EVENT%%."
critical event message: "The following critical firewall event was detected: %%CRITICAL_EVENT%%."
disk full message: "The log disk is Full."
Spam Email
IP: "Mail from this IP address is not allowed and has been blocked."
RBL/ORDBL message: "This message has been blocked because it is from a RBL/ORDBL IP address."
HELO/EHLO domain: "This message has been blocked because the HELO/EHLO domain is invalid"
Email address: "Mail from this email address is not allowed and has been blocked."
Mime header: "This message has been blocked because it contains an invalid header."
Returned email domain: "This message has been blocked because the return email domain is invalid."
Banned word: "This message has been blocked because it contains a banned word."

FortiShield
URL block: "<html><head><title>Webfilter Violation</title></head><body><font size=2><table width=\"100%\"><tr><td>%%FORTINET%%</td></tr><tr><td bgcolor=#ff6600 align=\"center\"><font color=#ffffff><b>Web Page Blocked</b></font></td></tr></table><br><br>You have tried to access a web page which is in violation of your internet usage policy.<br><br>URL: %%URL%%<br>Category: %%CATEGORY%%<br><br>To have the rating of this web page re-evaluated please contact your administrator.<br><br><hr><br>Powered by %%SERVICE%%.</font></body></html>"

Category Block
URL block message: "<html><head><title>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</title></head><body><font size=2><table width=\"100%\"><tr><td>%%FORTIGUARD%%</td><td align=\"right\">%%FORTINET%%</td></tr><tr><td bgcolor=#3300cc align=\"center\" colspan=2><font color=#ffffff><b>%%HTTP_ERR_CODE%% %%HTTP_ERR_DESC%%</b></font></td></tr></table><br><br>The webserver for %%URL%% reported that an error occurred while trying to access the website. Please click <u><a onclick=\"history.back()\">here</a></u> to return to the previous page.<br><br><hr><br>Powered by %%SERVICE%%.</font></body></html>"
1.5 Admin
1.5.1 Administrators
Administrator  Permission
admin          prof_admin
monitor        read
Trusted Host #1: 192.168.10.0 255.255.255.0
Trusted Host #2:
Trusted Host #3:

Access profile "read"
Access Control: System Configuration, Log & Report, Security Policy, Auth Users, Admin Users, FortiProtect Update, System Shutdown
Write:
2. Router
2.1 Static Routes
#  Destination IP / Mask      Gateway       Device    Distance
1  0.0.0.0 0.0.0.0            202.22.22.1   external  10
2  10.10.11.0 255.255.255.0   10.10.10.250  port2     10
3  10.10.12.0 255.255.255.0   10.10.10.111  port2     10
2.2 RIP
2.2.1 General
Parameter                      Value
RIP Version                    1
Default Metric                 1
Default-information-originate  disable
RIP Timers                     Update 30 (seconds); Timeout 180 (seconds); Garbage 120 (seconds)
Redistribute                   Connected: disabled; Static: disabled
3. Firewall
3.1 Policy Overview
3.1.1 external -> port2
ID  Source      Destination      Schedule  Service  Action  NAT  Anti-Virus  Log     Status
11  pptp-range  DMZ_All          always    ANY      accept               enable  enable
8   all         VIP_WebServer    always    http     accept       strict  enable  enable
9   all         VIP_SMTP_Server  always    smtp     accept       strict  enable  enable
Source: Subnet 0.0.0.0 0.0.0.0; Destination: Port Forwarding (VIP): external/202.22.22.35 (tcp/80) -> 10.10.10.10 (tcp/80); Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday; Predefined Service
Source: Subnet 0.0.0.0 0.0.0.0; Destination: Port Forwarding (VIP): external/202.22.22.34 (tcp/25) -> 10.10.10.11 (tcp/25); Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday; Predefined Service
Source: Subnet 192.168.10.0 255.255.255.0; Destination: IP 192.168.10.240; Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday; Custom Service: TCP / 1-65535:3389-3389; Allow inbound; Allow outbound; Not activated
Source: Subnet 192.168.10.0 255.255.255.0; Destination: IP 192.168.10.241; Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday; Predefined Service; Allow inbound; Allow outbound
Source: Subnet 0.0.0.0 0.0.0.0; Destination: Subnet 0.0.0.0 0.0.0.0; Recurring Schedule: sunday monday tuesday wednesday thursday friday saturday; Predefined Service; Dynamic IP Pool: disabled; Fixed Port: disabled; Not activated
Source: Subnet 192.168.10.0 255.255.255.0; Destination: Subnet 0.0.0.0 0.0.0.0; Recurring Schedule: monday tuesday wednesday thursday friday 08:30 18:00; Service Group: "FTP" "HTTP" "HTTPS" "NNTP" "POP3"; Dynamic IP Pool: disabled; Fixed Port: disabled
Source: Subnet 192.168.10.0 255.255.255.0; Destination: Subnet 0.0.0.0 0.0.0.0; Recurring Schedule: monday tuesday wednesday thursday friday 08:30 18:00; Service Group: "FTP" "HTTP" "HTTPS" "NNTP" "POP3"; Dynamic IP Pool: disabled; Fixed Port: disabled; Not activated; Usergroups: "admin-group" "user-group"
3.3.2 Address-Groups
Group Name  Member
DMZ_All     "DMZ_net" "DMZ_11" "DMZ_12"
3.4 Services
3.4.1 Custom Services
Service Name  Detail
ICA           TCP / 1-65535 : 1494-1494
Radius-1      UDP / 1-65535 : 1645-1645
Radius-2      UDP / 1-65535 : 1812-1812
RDP           TCP / 1-65535 : 3389-3389
3.5 Schedule
3.5.1 Recurring Schedules
Name               Day                                                       Start  Stop
always             sunday monday tuesday wednesday thursday friday saturday  00:00  00:00
Operational Hours  monday tuesday wednesday thursday friday                  08:30  18:00
3.6 Virtual IP
Name             Type             IP                       Service Port  Map to IP    Map to Port
VIP_SMTP_Server  Port Forwarding  external / 202.22.22.34  tcp / 25      10.10.10.11  tcp / 25
VIP_WebServer    Port Forwarding  external / 202.22.22.35  tcp / 80      10.10.10.10  tcp / 80
block pass pass pass
HTTP IMAP POP3 SMTP
HTTP enable; FTP enable; IMAP enable; POP3 enable; SMTP enable
3.7.2 "strict"
Anti-Virus: Splice; Virus Scan; File Block; Pass Fragmented Emails; Buffer to Disk; Oversized File/Email; Add signature to outgoing emails
Web Filtering: Web Content Block; Web URL Block; Web Exempt List; Web Script Filter; Web Resume Download Block
Web Category Filtering: Enable category block; Block unrated websites; Details for blocked HTTP 4xx and 5xx errors; Rate images by URL; Allow websites when a rating error occurs
Spam Filtering: IP address FortiGuard - AntiSpam check; URL FortiGuard - AntiSpam check; IP address BWL check; RBL & ORDBL check; HELO DNS lookup; E-mail address BWL check; Return e-mail DNS check; MIME headers check; Banned word check; Spam Action; Append to:; Append with:
IPS: IPS Signature; IPS Anomaly
Content/Archive Log: Display content meta-information on dashboard; Archive content meta-information to FortiLog

Value: enable
HTTP enable; FTP enable; IMAP enable; POP3 enable; SMTP enable
HTTP: enable enable block disable
HTTP: enable enable enable enable
FTP: enable enable enable block
IMAP: enable enable block
POP3: enable enable block
SMTP: enable enable enable block
4. User
4.1 Local User
User Name   Type   Status
admin-user  Local
user        Local
4.2 Radius
Name        Server Name/IP
OTP_Server  192.168.10.54
4.3 LDAP
Name         Server Name/IP  Port  Common Name Identifier  Distinguished Name
intern_LDAP  192.168.10.55   389   cn
5. VPN
5.1 IPSec
5.1.1 Phase 1
Gateway Name: Branch_Geneve
Remote Gateway: Static/30.30.30.30
Mode: main
P1 Proposal:
DH Group:
Keylife:
XAuth: disable
Nat-traversal: enable
Keepalive Frequency:
Dead Peer Detection: enable

Gateway Name: Mobile-U1
Remote Gateway: Dialup
Mode: aggressive
P1 Proposal: aes256-sha1
DH Group: 5
Keylife: 28800
XAuth: Enable as Server; mixed; Usergroup: "user-group"
Nat-traversal: enable
Keepalive Frequency:
Dead Peer Detection: enable

Gateway Name: Mobile-U2
Remote Gateway: Dialup
Mode: aggressive
P1 Proposal: aes192-sha1
DH Group: 5
Keylife: 28800
XAuth: Enable as Server; mixed; Usergroup: "user-group"
Nat-traversal: enable
Keepalive Frequency:
Dead Peer Detection: enable
5.1.2 Phase 2
Tunnel Name: Mobile-T1
Remote Gateway: "Mobile-U1"
Encr./Auth. Algorithm: aes256-sha1
Enable replay detection: enable
Enable perfect forward secrecy(PFS): enable; DH group: 5
Keylife: 1800 (Seconds)
Autokey Keep Alive: disable
Concentrator: None
Internet browsing:
Quick Mode Identities: Use selectors from policy

Tunnel Name: Mobile-T2
Remote Gateway: "Mobile-U2"
Encr./Auth. Algorithm:
Enable replay detection:
Enable perfect forward secrecy(PFS):
Keylife:
Autokey Keep Alive:
Concentrator:
Internet browsing:
Quick Mode Identities:

Tunnel Name: Tu-Geneve
Remote Gateway: "Branch_Geneve"
Encr./Auth. Algorithm: aes192-sha1 3des-sha1
Enable replay detection: enable
Enable perfect forward secrecy(PFS): enable; DH group: 5
Keylife: 1800 (Seconds)
Autokey Keep Alive: disable
Concentrator: None
Internet browsing:
Quick Mode Identities: Use selectors from policy
5.2 PPTP
Status: Enable
Starting IP: 192.168.10.110
Ending IP: 192.168.10.112
User Group: admin-group
5.3 L2TP
Status: Disable
Starting IP:
Ending IP:
User Group:
6. Anti-Virus
6.1 File Block
Pattern: *.bat *.com *.dll *.doc *.exe *.gz *.hta *.pif *.ppt *.rar *.scr *.tar *.tgz *.vb? *.wps *.xl? *.zip
HTTP: enable enable enable enable enable enable enable enable enable enable enable enable enable enable
FTP: enable enable enable enable enable enable enable enable enable enable enable enable enable enable
IMAP: enable enable enable enable enable enable enable enable enable enable enable enable enable enable
POP3: enable enable enable enable enable enable enable enable enable enable enable enable enable enable
SMTP: enable enable enable enable enable enable enable enable enable enable enable enable enable enable
6.2 Config
6.2.1 Oversize Threshold Configuration
Protocol  max. filesize to scan  max. uncompressed size to scan  Ports
HTTP      25 MBs                 25 MBs                          80
FTP       25 MBs                 25 MBs                          21
IMAP      25 MBs                 25 MBs                          143
POP3      25 MBs                 25 MBs                          110
SMTP      25 MBs                 25 MBs                          25
6.2.2 Grayware
Category    Status
Adware      enable
BHO         enable
Dial        enable
Download    enable
Game        enable
HackerTool  enable
Hijacker    enable
Joke        enable
Keylog      enable
Misc        enable
NMT         enable
P2P         enable
Plugin      enable
RAT         enable
Spy         enable
Toolbar     enable
7. Web Filter
7.1 Category Block Configuration
Options
FortiGuard Service Cache Status: enable