Hi All,
Will the setup be able to inspect the file from the client PC to the RDP host? My config will be source "client", destination "jumphost", all UTM turned ON with deep inspection. So my concern is: if the client has encrypted malware to be copied onto the host, will the FGT be able to inspect and drop the connection/packet? Or is my setup wrong?
Thanks!
As far as I know, the RDP/VNC protocols aren't supported yet in UTM file inspection (it can be identified as RDP or VNC traffic in application control UTM). Data could be encrypted with a password or certificate. You can ask TAC support for more details, and TAC may file an NFR Mantis bug. Dev will investigate whether it is feasible to support (the protocol could be very complex), then give a time estimate to finish the feature. It is recommended to request new protocol support (as customer feedback) through TAC support to keep the UTM security features up to date. Thanks.
Hello @sub7even ,
Your setup with FortiGate and UTM features can help inspect and block malicious files, including encrypted ones.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/122078/deep-inspection
The FortiGate UTM features should be able to inspect and analyze files, including encrypted ones, if they are decrypted or temporarily decrypted during the transfer. Encrypted traffic, like HTTPS or SSL-encrypted RDP, can be challenging to inspect. The FortiGate device can use SSL inspection techniques to decrypt SSL-encrypted traffic, inspect it, and then re-encrypt it for delivery.
FortiGate devices typically use signature-based detection to identify known threats.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/213498/signature-based-defense
Let us know if you have any queries.
Thanks,
Pavan