Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

Akira Ransomware

Dear team, good afternoon.
I have a question: From the alert sent by fortinet about Akira Ransomware, what recommendations should be taken into account in fortigate?

7 REPLIES 7
AEK
SuperUser
SuperUser

HI @unknown1020 

It's in the FG's AV database. You can detect this malware and stop it by enabling deep inspection and AV profile.

AEK
AEK
unknown1020
New Contributor III

Does the AV profile only work with the ssl deep inspection profile?

Since I have policies that have the AV in monitor mode, however, I do not view events. The policies have SSL inspection enabled.

AEK

If you use only http then no need for deep inspection, but I guess you use https most of the time, so you need deep inspection otherwise your FortiGate can't see the traffic content, so it can't scan it and can't detect any malware.

AEK
AEK
unknown1020
New Contributor III

The internet exit policies created in the firewall have "all" enabled in services, so I should enable deep inspection so that it shows me logs from the AV profile, correct?

AEK

Absolutely, because https is 99.99% of the internet web browsing.

 

Edit: 99.9999%

AEK
AEK
unknown1020
New Contributor III

But when enabling deep inspection, what considerations should I take into account? Will that profile not proceed to block pages due to certificate issues?

AEK

Both deep inspection and simple certificate inspection can block pages due to certificate issue, like expired certificate, untrusted certificate and so, but this is tunable in the related profile and you can.

You start by cloning the default profiles, they are good ones.

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors