Fortigate Antivirus

Hi mikipetri74,

I don't think anyone responded to you on this topic- I'd hate you to think the Fortinet Forum's aren't able to help you!

The Fortigates are full UTM applicances. So yes, correctly setup, they will scan all incoming and outgoing traffic for viruses.

FortiClient is completely separate, but will integrate with the FortiGate to provided end to end visibility of traffic as part of the Fortinet Security Fabric. Again, that depends on setup and depending on your software versions will likely require FortiClient EMS to manage the FortiClient endpoint protection.

To configure antivirus scanning requires the correct licences and then an anti-virus profile added to your ipv4 (or ipv6) policy. It's pretty simple to setup and the https://docs.fortinet.com/ site has pretty good documentation to describe how it all works.

There are some catches of course- the Fortigate can't look inside encrypted connections by default. So an HTTPS sessions (for example) may allow a virus to bypass the Fortigate anti-virus scanning. You can get around this by using "deep- inspection" which intercepts the connection and allows scanning. It can be problematic though- and will break sites that use certificate pinning (for example).

The Fortigate will also by default only scan "small" files. Again, this is dependent on config but I think is 10MB file size by default- generally that isn't an issue as most viruses are small in size.

But, with all that said- the Fortigate is a great way to protect yourself or your business from threats including viruses.

It sounds like you also need to read up on the other capabilities- for example application control and intrusion detection- these are also important features to protect your network (again, plenty of detail on the docs sites).

Good luck.

Kind Reagrds,

Andy.