Configuring CIFS Traffic Scanning on FortiGate

Published on: 01-13-2025 By Satyam Maurya

Introduction to CIFS Support on FortiGate

Understanding CIFS (Common Internet File System) support on FortiGate firewalls is crucial for efficient network security management. By configuring CIFS traffic scanning and file filtering, administrators can enhance protection against threats transferred through CIFS protocols.

Why Configure CIFS Antivirus and File Filtering?

The CIFS inspection features on FortiGate allow the detection and prevention of malicious files moving across the network. By leveraging antivirus scanning and file filtering, potential infections can be blocked before they impact your network security.

Steps to Configure CIFS Support on FortiGate

1. Configure a CIFS Domain Controller

When FortiGate has to handle encrypted CIFS traffic, a domain controller must be specified. The entry below tells FortiGate where the domain controller is located and includes its superuser credentials.

config user domain-controller
    edit "SERVER_NAME"
        set hostname "host"
        set domain-name "EXAMPLE.COM"
        set username "admin-super"
        set password *********
        set ip 172.16.201.40
    next
end

2. Create a CIFS Profile

The CIFS profile sets the server credential type. The options are 'none', 'credential-replication' (which references the domain controller entry from step 1), and 'credential-keytab' (which takes a Base64-encoded keytab).

None Mode
config firewall profile-protocol-options
    edit "cifs"
        config cifs
            set server-credential-type none
        end
    next
end

Credential-Replication Mode
config firewall profile-protocol-options
    edit "cifs"
        config cifs
            set server-credential-type credential-replication
            set domain-controller "SERVER_NAME"
        end
    next
end

Credential-Keytab Mode
config firewall profile-protocol-options
    edit "cifs"
        config cifs
            set server-credential-type credential-keytab
            config server-keytab
                edit "keytab1"
                    set keytab "Base64EncodedString"
                next
            end
        end
    next
end

3. Configure CIFS File Filtering

File filtering blocks specific file types in CIFS traffic. The following profile contains one rule that blocks ZIP files.

config file-filter profile
    edit "cifs"
        set comment "block zip files on unencrypted cifs traffic"
        set feature-set flow
        set log enable
        config rules
            edit "rule1"
                set protocol cifs
                set action block
                set direction any
                set file-type zip
            next
        end
    next
end

4. Configure an Antivirus Profile

An antivirus profile ensures that malicious files are detected and addressed promptly. The CIFS options are listed below; each setting takes one of the values shown in braces:

config antivirus profile
    edit "av"
        config cifs
            set av-scan {disable | block | monitor}
            set outbreak-prevention {disable | block | monitor}
            set external-blocklist {disable | block | monitor}
        end
    next
end
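
The following Python script is an added example, not part of the original article or any Fortinet tooling. It parses a FortiOS configuration backup and flags the CIFS settings from steps 2 and 4 that leave traffic uninspected or unblocked. The sample configuration, function names and finding texts are constructed for illustration; it assumes that 'none' mode gives FortiGate no credentials for encrypted CIFS and that only 'block' stops a detected file.

```python
import shlex

# Constructed sample backup (not from the article) with two weak CIFS settings.
SAMPLE = """
config firewall profile-protocol-options
    edit "cifs"
        config cifs
            set server-credential-type none
        end
    next
end
config antivirus profile
    edit "av"
        config cifs
            set av-scan monitor
            set outbreak-prevention block
        end
    next
end
"""
AV_KEYS = ("av-scan", "outbreak-prevention", "external-blocklist")

def parse(text):
    """Map (config path..., key) -> value for every 'set' line in nested blocks."""
    path, settings = [], {}
    for line in text.splitlines():
        verb, *args = shlex.split(line) or [""]
        if verb in ("config", "edit"):            # enter a block or table entry
            path.append(" ".join(args))
        elif verb in ("next", "end") and path:    # leave it
            path.pop()
        elif verb == "set" and len(args) > 1:
            settings[(*path, args[0])] = " ".join(args[1:])
    return settings

def audit(settings):
    """Return findings for 'config cifs' sub-blocks that weaken inspection."""
    findings = []
    for (*path, key), value in settings.items():
        if len(path) != 3 or path[2] != "cifs":
            continue                              # only <section>/<profile>/cifs
        section, profile, _ = path
        if section == "firewall profile-protocol-options":
            if (key, value) == ("server-credential-type", "none"):
                findings.append(f"{profile}: no credentials for encrypted CIFS")
        elif section == "antivirus profile" and key in AV_KEYS and value != "block":
            findings.append(f"{profile}: {key} is '{value}', detections not blocked")
    return findings

print("\n".join(audit(parse(SAMPLE))))
```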

Conclusion

By configuring CIFS support on your FortiGate, you safeguard your network against potential threats embedded in CIFS traffic. The detailed configuration options for domain controllers, file filtering, and antivirus profiles offer a comprehensive security approach, enabling effective real-time threat management and secure file transfers. Keep your network secure by staying proactive with CIFS traffic scanning on FortiGate.