Dear team, good afternoon.
I have a question: From the alert sent by fortinet about Akira Ransomware, what recommendations should be taken into account in fortigate?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
HI @unknown1020
It's in the FG's AV database. You can detect this malware and stop it by enabling deep inspection and AV profile.
Does the AV profile only work with the ssl deep inspection profile?
Since I have policies that have the AV in monitor mode, however, I do not view events. The policies have SSL inspection enabled.
If you use only http then no need for deep inspection, but I guess you use https most of the time, so you need deep inspection otherwise your FortiGate can't see the traffic content, so it can't scan it and can't detect any malware.
The internet exit policies created in the firewall have "all" enabled in services, so I should enable deep inspection so that it shows me logs from the AV profile, correct?
Created on 04-24-2024 03:29 PM Edited on 04-24-2024 03:30 PM
Absolutely, because https is 99.99% of the internet web browsing.
Edit: 99.9999%
But when enabling deep inspection, what considerations should I take into account? Will that profile not proceed to block pages due to certificate issues?
Both deep inspection and simple certificate inspection can block pages due to certificate issue, like expired certificate, untrusted certificate and so, but this is tunable in the related profile and you can.
You start by cloning the default profiles, they are good ones.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.