Differences
This shows you the differences between two versions of the page.
|
sred:lab5 [2022/11/18 14:57] horia.stoenescu Updated setup to 7.2.3 |
sred:lab5 [2022/11/18 15:15] (current) horia.stoenescu Updated fgt node |
||
|---|---|---|---|
| Line 41: | Line 41: | ||
| Right click > Add new object Node > Search for 'Fortinet FortiGate' (if you cannot find it, you need to go back to steps t1,t2, and t3) > select the required image name (it is based on the folder name): | Right click > Add new object Node > Search for 'Fortinet FortiGate' (if you cannot find it, you need to go back to steps t1,t2, and t3) > select the required image name (it is based on the folder name): | ||
| - | {{:sred:fgt_node2.png?400|}} | + | {{:sred:fgt_setup_2022.png?450|}} |
| See the configuration (based on [[https://help.fortinet.com/fmgr/vm-install/60/Content/Document/200_Licenses/400_Minimum%20HW%20Required.htm|these]] hardware requirements): | See the configuration (based on [[https://help.fortinet.com/fmgr/vm-install/60/Content/Document/200_Licenses/400_Minimum%20HW%20Required.htm|these]] hardware requirements): | ||
| Line 179: | Line 179: | ||
| === e3. [1p] Filter web === | === e3. [1p] Filter web === | ||
| - | We want for client2 to filter access to facebook.com. Configure a web filter object with static URL filter and create a new security rule for filtering traffic to that website (using also the security profile). | + | We want for client2 to filter access to facebook.com. Configure a web filter object with static URL filter and create a new security rule for filtering traffic to that website. |
| + | |||
| + | Check other pages from facebook, like //reg// or __login__. Traffic should be blocked and a stock 'page blocked' should be served. | ||
| == Case study web filtering == | == Case study web filtering == | ||
| - | Discussion regarding website blocking: | + | Discussion regarding website blocking (remember also [[https://ocw.cs.pub.ro/courses/sred/labextraftd#e1_2p_traffic_analysis|e1]] from lab5): |
| 1. If you configure on Web Filter the URL **www.facebook.com** (exact match or regex), all traffic to www.facebook.com will be blocked, but traffic to facebook.com won't as no exact match is seen. | 1. If you configure on Web Filter the URL **www.facebook.com** (exact match or regex), all traffic to www.facebook.com will be blocked, but traffic to facebook.com won't as no exact match is seen. | ||
