Created on 10-16-2014 05:32 AM Edited on 05-26-2022 12:06 PM By Anonymous
Description
Scope
Solution
config antivirus settings
set default-db normal
end
2) Reduce these TCP and UDP session timers:
config system global
set tcp-halfclose-timer 30
set tcp-halfopen-timer 8
set udp-idle-timer 90
end
3) Change the global inspection mode to flow-based from proxy:
-Instructions for FortiOS 5.4 can be found here.
-Instructions for FortiOS 5.6 can be found here.
4) Change default session TTL:
config system session-ttl
set default 300
end
5) Lower AV threshold to 1MB for all protocols in "default" proxy options profile:
If a custom proxy option profile has been created, then the "edit default" line should be changed to "edit {your profile name}".
config firewall profile-protocol-options
edit default
config http
set oversize-limit 1
end
config ftp
set oversize-limit 1
end
config imap
set oversize-limit 1
end
config mapi
set oversize-limit 1
end
config pop3
set oversize-limit 1
end
config smtp
set oversize-limit 1
end
config nntp
set oversize-limit 1
end
next
end
6) Disable logging to memory:
config log memory setting
set status disable
end
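To confirm that these changes are present on a unit, the following added example (not Fortinet's code) parses a saved configuration backup and reports every setting that differs from the CLI values shown in this article. The names parse_fortios and audit, and the sample configuration, are constructed for illustration.

```python
# Added example (not Fortinet tooling): audit a config backup against this article's values.
EXPECTED = {
    "antivirus settings": {"default-db": "normal"},
    "system global": {"tcp-halfclose-timer": "30", "tcp-halfopen-timer": "8", "udp-idle-timer": "90"},
    "system session-ttl": {"default": "300"},
    "log memory setting": {"status": "disable"},
}

def parse_fortios(text):
    """Flatten nested config/edit/set/next/end blocks into {path: {key: value}}."""
    settings, stack = {}, []
    for line in text.splitlines():
        words = line.split() or [""]
        if words[0] in ("config", "edit"):
            stack.append((words[0], " ".join(words[1:]).strip('"')))
        elif words[0] == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif words[0] == "end":  # closes the config block and any edit entry still open
            while stack and stack.pop()[0] != "config":
                pass
        elif words[0] == "set" and len(words) >= 3:
            path = " / ".join(name for _, name in stack)
            settings.setdefault(path, {})[words[1]] = " ".join(words[2:]).strip('"')
    return settings

def audit(text, profile="default"):
    """Return (path, key, expected, found) per deviation; found is None when the key is absent."""
    expected = dict(EXPECTED)
    for proto in ("http", "ftp", "imap", "mapi", "pop3", "smtp", "nntp"):
        expected[f"firewall profile-protocol-options / {profile} / {proto}"] = {"oversize-limit": "1"}
    parsed = parse_fortios(text)
    return [(path, key, want, parsed.get(path, {}).get(key))
            for path, keys in expected.items() for key, want in keys.items()
            if parsed.get(path, {}).get(key) != want]
# Constructed sample backup fragment: udp-idle-timer and the ftp limit deviate from the article.
SAMPLE = """\
config system global
    set tcp-halfclose-timer 30
    set udp-idle-timer 180
end
config firewall profile-protocol-options
    edit "default"
        config ftp
            set oversize-limit 10
        end
    next
end
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Pass the name of a custom proxy options profile as the profile argument when "edit default" was replaced with another profile name.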