Fortiweb Administration Guide V4.0.1 Revision 5
Total Page:16
File Type:pdf, Size:1020Kb
FortiWeb™ Web Application Security Version 4.0 MR1 Patch 1 Administration Guide FortiWeb™ Web Application Security Administration Guide Version 4.0 MR1 Patch 1 Revision 5 13 December 2010 © Copyright 2010 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc. Trademarks Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate®, FortiGate Unified Threat Management System, FortiGuard®, FortiGuard-Antispam, FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet®, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Regulatory compliance FCC Class A Part 15 CSA/CUS Caution: Risk of explosion if the battery on the main board is replaced by an incorrect type. Dispose of used batteries according to instructions. Caution: The Fortinet equipment is intended for installation in a Restricted Access Location. Contents Contents Introduction .............................................................................................. 9 Scope ............................................................................................................................. 10 Conventions .................................................................................................................. 11 IP addresses............................................................................................................. 11 Cautions, Notes, & Tips............................................................................................ 11 Typographical conventions....................................................................................... 11 Command syntax conventions.................................................................................. 12 Characteristics of XML threats .................................................................................... 14 Characteristics of HTTP threats .................................................................................. 15 What’s new ............................................................................................. 19 New in this release ................................................................................................... 19 New in document Revision 4 .................................................................................... 20 About the web-based manager............................................................. 21 System .................................................................................................... 25 Viewing the system statuses ....................................................................................... 25 System Information widget ....................................................................................... 27 Changing the FortiWeb unit’s host name ........................................................... 29 System Resources widget ........................................................................................ 29 CLI Console widget................................................................................................... 30 Alert Message Console widget ................................................................................. 31 Service Status widget ............................................................................................... 32 Policy Summary widget ............................................................................................ 33 Configuring the network and VLAN interfaces .......................................................... 34 Adding a VLAN subinterface..................................................................................... 37 Configuring V-zones (bridges).................................................................................. 39 Configuring fail-open................................................................................................. 42 Configuring the DNS settings ...................................................................................... 42 Configuring high availability (HA) ............................................................................... 43 About the heartbeat and synchronization ................................................................. 47 Configuring the SNMP agent ....................................................................................... 48 Configuring an SNMP community............................................................................. 49 Configuring DoS protection ......................................................................................... 51 Configuring the operation mode ................................................................................. 52 Viewing RAID Status..................................................................................................... 54 Configuring administrator accounts ........................................................................... 55 About trusted hosts................................................................................................... 58 Configuring access profiles....................................................................................... 58 About permissions .................................................................................................... 60 FortiWeb™ Web Application Security Version 4.0 MR1 Patch 1 Administration Guide Revision 5 3 http://docs.fortinet.com/ • Feedback Contents Configuring the web-based manager’s global settings ............................................ 61 Managing certificates ................................................................................................... 64 Managing local and server certificates ..................................................................... 64 Generating a certificate signing request............................................................. 66 Downloading a certificate signing request.......................................................... 68 Uploading a certificate........................................................................................ 68 Managing OCSP server certificates.......................................................................... 70 Managing CA certificates.......................................................................................... 70 Grouping CA certificates .................................................................................... 71 Managing certificates for intermediate CAs ....................................................... 72 Grouping certificates for intermediate CAs ........................................................ 73 Managing the certificate revocation list..................................................................... 74 Configuring certificate verification rules.................................................................... 75 Backing up the configuration & installing firmware .................................................. 76 Configuring the time & date ......................................................................................... 77 Uploading signature updates....................................................................................... 79 Scheduling signature updates..................................................................................... 80 Using the FortiWEB Setup Wizard............................................................................... 81 Using the Setup Wizard to perform system configuration......................................... 82 Using the Setup Wizard to perform web protection .................................................. 86 Using the Setup Wizard to configure logs and reports ............................................. 92 Router...................................................................................................... 95 Configuring static routes ............................................................................................. 95 User ......................................................................................................... 97 Configuring local users ................................................................................................ 97 Configuring LDAP user queries................................................................................... 98 Configuring NTLM user queries ................................................................................ 101 Grouping users ........................................................................................................... 102 Server Policy ........................................................................................ 105 Configuring policies ................................................................................................... 105 Enabling or disabling a policy ................................................................................. 115 Configuring virtual servers .......................................................................................