I am planning to enforce antivirus filtering on Internet-bound traffic on a FortiGate running 7.2.4. I wonder how I can make exceptions for any potential false positives without turning off the filtering altogether?
To set up exceptions for potential false positives in antivirus filtering on your FortiGate 7.2.4, there are several options:
URL Filter: You can exclude certain URLs or domains from antivirus filtering by adding them to the list of allowed URLs or domains. To do this, go to Security Profiles > Web Filter > URL Filter and add the URLs or domains to the list of allowed URLs.
File types: You can exclude certain file types from antivirus filtering by adding them to the list of allowed file types. To do this, go to Security Profiles > AntiVirus > Profiles and select the profile type you want to edit. Click "Edit" and select the "File Types" tab. Add the file types to the list of allowed file types.
IP addresses: You can exclude certain IP addresses from antivirus filtering by adding them to the list of allowed IP addresses. To do this, go to Security Profiles > AntiVirus > Profiles and select the profile type you want to edit. Click "Edit" and select the "IP Address" tab. Add the IP addresses to the list of allowed IP addresses.
However, it is important to make sure that you do not exclude any potentially dangerous websites, files or IP addresses from antivirus filtering. Make sure that you only set up exceptions for trusted sources and keep the exceptions to a minimum to ensure the security of your network.
@Christian_89 @pgautam Thank you very much for the responses. I am looking to exempt a signature or an IP for a specific signature. I used to do those types of exceptions with Palo Alto and am wondering if Fortinet allows me to do that?
Yes, Fortinet allows you to create exceptions for specific signatures or IPs using its security policies. The following are the steps to create an exception in Fortinet:
1. Log in to your Fortinet device and navigate to the Security Profiles menu.
2. Select the profile that contains the signature you want to exclude, such as the Antivirus profile.
3. Click the Exclusions tab, and then click Add Exception.
4. Select the signature to exclude from the drop-down list, or enter the IP address or range to exclude.
5. Select the action you want to apply to the exception, such as "Allow" or "Disable".
6. Give the exception a name and description, and then click OK to save the exception.
After you create the exception, you can apply it to a specific security policy or globally to all policies that use the selected profile. To apply it to a specific policy, go to Policy Configuration, select the profile you modified, and then select the exception you created.
Remember that creating too many exceptions can reduce the effectiveness of your security measures. Therefore, it is important to carefully consider which signatures or IPs to exclude, and to regularly review and update the exceptions as needed.