Email filter

Spam is a common means by which attacks are delivered. Users often open email attachments they should not, and infect their own machine.

l Enable email filtering at the network edge for all types of email traffic. l Use FortiClient endpoint IPS scanning for protection against threats that get into your network. l Subscribe to the FortiGuard AntiSpam Service.

URL filtering

Best practices for URL filtering can be divided into four categories: flow-based versus proxy based filtering; local category/rating feature; URL filter ‘Exempt’ action; and Deep Scan.

Flow-based versus proxy-based

Try to avoid mixing flow-based and proxy-based features in the same profile if you are not using IPS or Application Control.

Local category/rating feature

Local categories and local rating features consume a large amount of CPU resources, so use these features as little as possible. It is better to use Local categories instead of using the ‘override’ feature, since the ‘override’ feature is more complicated and more difficult to troubleshoot.

URL filter ‘Exempt’ action

When using the URL filter ‘Exempt’ option,webfilter, antivirus and dlp scans are bypassed by default, so use this option only for trusted sites.

Configuration notes: You need to configure ‘Exempt’ actions in the URL filter if you want to bypass the FortiGuard

Web Filter.You can configure which particular inspection(s) you want to bypass using the set exempt command in config webfilter urlfilter.

Deep Scan

The ‘Deep Scan’ feature is much heavier on resources than ‘HTTPS URL Scan Only’. Deep Scan is much more accurate, since many sites (such as various Google applications) cannot be scanned separately without deep scanning enabled.