I would like to block malware files. On my gateway firewall, what file types should I block? If I block only exe/DLL files from being downloaded, will it help to prevent the final malware from being executed? What I would like to understand is: even if I allow communication with Command and Control (C2) servers, if I block executable/DLL files, will it really block the malware's ultimate purpose? Will the final payload only be an executable like exe/dll?
Well, that might not answer your question, but concerning C&C servers (botnets) it is important to activate the "Block Connections to botnet-servers" option in the DNS security filter.
The next thing is that you have to allow SSL Deep Inspection, so all SSL traffic can be scanned, which leads to the next point: if you activate deep inspection in policies, you have to import the FortiGate's cert into the clients' browsers. If you don't do so, you will get a cert warning on every SSL site you open.
For file type blocking you will have to use the webfilter, or DLP (which is removed from the GUI in FortiOS 6.2.3), AND your policies have to be in proxy mode to make the file filter (webfilter) work.
Copyright 2024 Fortinet, Inc. All Rights Reserved.