Configuring CIFS Traffic Scanning on FortiGate
Introduction to CIFS Support on FortiGate
Understanding CIFS (Common Internet File System) support on FortiGate firewalls is crucial for efficient network security management. By configuring CIFS traffic scanning and file filtering, administrators can enhance protection against threats transferred through CIFS protocols.
Why Configure CIFS Antivirus and File Filtering?
The CIFS inspection features on FortiGate allow the detection and prevention of malicious files moving across the network. By leveraging antivirus scanning and file filtering, potential infections can be blocked before they impact your network security.
Steps to Configure CIFS Support on FortiGate
1. Configure a CIFS Domain Controller
When dealing with encrypted CIFS traffic, specifying a domain controller is essential. This configuration tells FortiGate where the domain controller is located and includes setting up superuser credentials.
config user domain-controller
    edit "SERVER_NAME"
        set hostname "host"
        set domain-name "EXAMPLE.COM"
        set username "admin-super"
        set password *********
        set ip 172.16.201.40
    next
end
2. Create a CIFS Profile
This involves setting the server credential type. The options include 'none', 'credential-replication', and 'credential-keytab'.
None Mode
config firewall profile-protocol-options
    edit "cifs"
        config cifs
            set server-credential-type none
        end
    next
end
Credential-Replication Mode
config firewall profile-protocol-options
    edit "cifs"
        config cifs
            set server-credential-type credential-replication
            set domain-controller "SERVER_NAME"
        end
    next
end
Credential-Keytab Mode
config firewall profile-protocol-options
    edit "cifs"
        config cifs
            set server-credential-type credential-keytab
            config server-keytab
                edit "keytab1"
                    set keytab "Base64EncodedString"
                next
            end
        end
    next
end
3. Configure CIFS File Filtering
File filtering helps in blocking specific file types on CIFS traffic. Here's how you can set up rules to block specific file types, for instance, ZIP files.
config file-filter profile
    edit "cifs"
        set comment "block zip files on unencrypted cifs traffic"
        set feature-set flow
        set log enable
        config rules
            edit "rule1"
                set protocol cifs
                set action block
                set direction any
                set file-type zip
            next
        end
    next
end
4. Configure an Antivirus Profile
An antivirus profile ensures that any malicious files are detected and addressed promptly. Here are some options you can configure:
config antivirus profile
    edit "av"
        config cifs
            set av-scan {disable | block | monitor}
            set outbreak-prevention {disable | block | monitor}
            set external-blocklist {disable | block | monitor}
        end
    next
end
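An added example, not part of the original page or of Fortinet's tooling: a Python check that parses pasted CLI text for the sections from steps 1 and 2 and reports CIFS profiles whose credential-replication mode names an undefined domain controller, or whose credential-keytab mode has no keytab entry. The sample config and its profile names are constructed, and the parser assumes every value fits on one line.

```python
import shlex

def parse_fortios(text):
    """Parse FortiOS CLI text: config/edit blocks become nested dicts, set lines become values."""
    stack = [{}]
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set" and len(tok) > 1:
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def audit_cifs(cfg):
    """Return (profile, problem) pairs for CIFS profiles with incomplete credential setup."""
    findings = []
    controllers = cfg.get("user domain-controller", {})
    for name, prof in cfg.get("firewall profile-protocol-options", {}).items():
        cifs = prof.get("cifs", {})
        mode = cifs.get("server-credential-type")
        dc = cifs.get("domain-controller")
        if mode == "credential-replication" and dc not in controllers:
            findings.append((name, f"domain-controller {dc!r} is not defined"))
        elif mode == "credential-keytab" and not cifs.get("server-keytab"):
            findings.append((name, "no server-keytab entries"))
    return findings

# Constructed sample config (not from a real device); "cifs-typo" misspells the controller name.
SAMPLE = """
config user domain-controller
    edit "SERVER_NAME"
    next
end
config firewall profile-protocol-options
    edit "cifs-ok"
        config cifs
            set server-credential-type credential-replication
            set domain-controller "SERVER_NAME"
        end
    next
    edit "cifs-typo"
        config cifs
            set server-credential-type credential-replication
            set domain-controller "SERVER_NAM"
        end
    next
end
"""
```

Calling audit_cifs(parse_fortios(SAMPLE)) returns one finding, for the "cifs-typo" profile.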
Conclusion
By configuring CIFS support on your FortiGate, you safeguard your network against potential threats embedded in CIFS traffic. The detailed configuration options for domain controllers, file filtering, and antivirus profiles offer a comprehensive security approach, enabling effective real-time threat management and secure file transfers. Keep your network secure by staying proactive with CIFS traffic scanning on FortiGate.