FortiGate Deep Inspection Security Profiles

Slide 1: Introduction to Security Profiles

  • Security Profiles = Inspection mechanisms applied after firewall policy match

  • Protect users & network from:

    • Malware
    • Intrusions
    • Web-based risks
    • Data leakage
    • Botnets

  • Applied per firewall policy

Slide 2: Types of Security Profiles

  • Antivirus (AV)
  • Web Filter
  • DNS Filter
  • Application Control (AppCtrl)
  • IPS (Intrusion Prevention System)
  • SSL/SSH Inspection
  • Anti-Spam
  • DLP (Data Loss Prevention)
  • Sandboxing (FortiSandbox)
  • Botnet / C&C Protection

Slide 3: Antivirus (AV)

Detects & blocks viruses, malware, ransomware

Modes:

  • Flow-based
  • Proxy-based
Features:

  • Inline Antivirus
  • Heuristics & signatures
  • File quarantine
  • Cloud lookup (FortiGuard)

Slide 4: Web Filter

  • Controls access to websites
  • Category-based filtering (e.g., Social Media, Gambling)
  • URL filtering with allow/block/monitor
  • Safe Search enforcement
  • Block malware & phishing URLs

Slide 5: DNS Filter

  • Filters DNS queries
  • Blocks malicious domains before IP resolution
  • Real-time DNS rating
  • Detects C&C/botnet, phishing domains
  • Safer and faster than full web filtering

Slide 6: Application Control

  • Identifies & controls applications (5000+)
  • Blocks risky apps (VPN tools, torrents, proxies)
  • Granular control (allow, block, throttle, monitor)
  • Detects app signatures, behavior, ports

Slide 7: IPS (Intrusion Prevention System)

  • Protects against network attacks:

    • Exploits
    • DoS
    • Vulnerability scans

  • Uses FortiGuard IPS signatures

  • Virtual patching (protects before actual patching)

Slide 8: SSL/SSH Inspection

  • Decrypts and scans encrypted traffic

Types:

  1. Full SSL Inspection
  2. Certificate Inspection

Needed for:

  • AV scanning
  • Web Filter
  • App Control
  • DLP

Slide 9: Anti-Spam

  • Filters spam in SMTP/IMAP/POP3

    Checks:

    1. IP reputation

    2. DNSBL

    3. Content patterns

  • Blocks malicious email domains

Slide 10: Data Loss Prevention (DLP)

  • Prevents unauthorized data transmission

  • Detects:

    • Credit cards
    • IDs
    • File types
    • Sensitive keywords

  • Supports watermarking & fingerprinting

Slide 11: Sandboxing

  • Sends suspicious files to FortiSandbox
  • Detects zero-day malware
  • Uses behavioral analysis
  • Integrates with AV, SPAM, Web filter

Slide 12: Botnet / C&C Protection

  • Blocks known Command & Control (C2) servers
  • Monitors unusual outbound traffic
  • Uses real-time threat intelligence from FortiGuard

Slide 13: Security Profiles in Firewall Policy

  • Profiles applied after policy match

  • Order of inspection (typical):

    1. SSL Inspection

    2. Web/DNS Filter

    3. App Control

    4. IPS

    5. AV

    6. DLP

  • Different profiles for different traffic types (LAN→WAN, Guest→Internet)


Slide 14: Best Practices

  • Enable SSL inspection for maximum visibility
  • Apply DNS Filter + Web Filter for strong web security
  • Keep FortiGuard updates enabled
  • Use flow-based inspection for high performance
  • Enable logging for all profiles
  • Test policy changes during maintenance windows
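
Added example (not part of the original slides): a small Python audit that parses a `config firewall policy` block and flags accept policies that have no security profile, that scan content without full SSL inspection (Slide 8), or that have logging disabled. The sample config is constructed; `parse_policies`, `audit` and `FULL_SSL` are names chosen here, and treating only the default profile name "deep-inspection" as full inspection is an assumption.

```python
import re

# Constructed sample in the style of FortiOS `show firewall policy` output.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set action accept
        set ssl-ssh-profile "deep-inspection"
        set av-profile "default"
        set logtraffic all
    next
    edit 2
        set action accept
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        set logtraffic disable
    next
    edit 3
        set action accept
    next
end
'''
PROFILE_KEYS = ("av-profile", "webfilter-profile", "dnsfilter-profile",
                "application-list", "ips-sensor", "dlp-profile")
CONTENT_KEYS = ("av-profile", "dlp-profile")  # these need the decrypted payload
FULL_SSL = {"deep-inspection"}  # assumption: add custom full-inspection profile names

def parse_policies(text):
    # Build {policy_id: {setting: value}} from `edit N` / `set key value` lines.
    policies, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"edit (\d+)$", line):
            cur = policies.setdefault(int(m.group(1)), {})
        elif cur is not None and (m := re.match(r'set (\S+) "?([^"]*)"?$', line)):
            cur[m.group(1)] = m.group(2)
    return policies

def audit(policies):
    # Return {policy_id: [issues]} for accept policies only.
    findings = {}
    for pid, p in policies.items():
        issues = []
        if not any(k in p for k in PROFILE_KEYS):
            issues.append("no security profile")
        if any(k in p for k in CONTENT_KEYS) and p.get("ssl-ssh-profile") not in FULL_SSL:
            issues.append("content scan without full SSL inspection")
        if p.get("logtraffic") == "disable":
            issues.append("logging disabled")
        if p.get("action") == "accept" and issues:
            findings[pid] = issues
    return findings
```

Calling `audit(parse_policies(SAMPLE_CONFIG))` on a saved policy export gives a per-policy list of gaps to review before a maintenance window.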

Slide 15: Summary

Security Profiles = full UTM inspection

Essential for:

  • Malware defense
  • Web protection
  • App visibility
  • Network threat prevention

Regularly update signatures & monitor logs