Antivirus
Module 7
2013 Fortinet Training Services. This training may not be recorded in any medium, disclosed, copied, reproduced or distributed to anyone without prior written consent of an authorized representative of Fortinet. Rev. 20130215-C
Module Objectives
01-50000-0201-20130215-C
Course 201 - Administration, Content Inspection and VPNs Antivirus
Conserve Mode
AV Fail-Open
There are currently two conditions that can cause the FortiGate unit to operate in AV fail-open mode:
- The system is low on memory and has entered conserve mode
- The individual proxy pool is full (no free connections are available)
With the first condition, low memory, the av-failopen setting is applied. The default for this setting is Pass.
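As an added example that is not part of the course material, the FortiOS CLI setting the slide refers to, with the default fail-open value shown beside the fail-closed alternative. The `config system global` location and the `off` value name are assumed from the FortiOS CLI reference rather than stated on this slide.

```text
# Default behaviour: while the unit is in conserve mode, sessions that would
# need AV proxy scanning are passed through unscanned (the "Pass" default).
config system global
    set av-failopen pass
end

# Fail closed instead: sessions that cannot be scanned during conserve mode
# are not passed. (Value name assumed from the FortiOS CLI reference.)
config system global
    set av-failopen off
end
```

Setting pass keeps traffic flowing during memory pressure at the cost of unscanned content; off trades availability for guaranteed inspection, so the choice should match the unit's role.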
Antivirus
Proxy-Based Scanning
Flow-Based Scanning
- File is scanned on a packet-by-packet basis as it passes through the FortiGate unit
- Faster scanning, but lower accuracy rate
- Difficulty in catching virus variants
- Only available on certain models
- Non-proxy scanning
Virus Scanning
- Regular
- Extended
- Extreme
- Flow-based
Unknown Viruses
Known Virus
Heuristics Scanning
Virus-like attribute + Virus-like attribute + Virus-like attribute
Antivirus Profiles
Quarantine
- Infected, blocked or suspicious files can be quarantined to the hard drive on the FortiGate unit or to the FortiAnalyzer device
- Files are quarantined based on their protocol
- Information regarding quarantined files is displayed in the logs
[Diagram: quarantine destinations, local hard drive and FortiAnalyzer]
Logs
Labs