FortiGate Configuration Example
config antivirus profile
edit "<Profile-Name>" # Name of the antivirus profile
set comment "<Description>" # Description or purpose of the profile
set http {enable|disable} # Enable/disable antivirus scanning for HTTP
set ftp {enable|disable} # Enable/disable antivirus scanning for FTP
set imap {enable|disable} # Enable/disable antivirus scanning for IMAP
set pop3 {enable|disable} # Enable/disable antivirus scanning for POP3
set smtp {enable|disable} # Enable/disable antivirus scanning for SMTP
set av-block-log {enable|disable} # Enable/disable logging when a virus is blocked
next
end
FortiGate Parameter Explanation and Conversion Suggestions
| FortiGate Parameter | FortiGate Parameter Description | Corresponding Sangfor NGAF Module/Parameter | Migration Guidance |
| --- | --- | --- | --- |
| name | Antivirus profile name (the value given to `edit`) | Objects > Security Policy Template > Content Security | The name can be kept the same; it is recommended to keep the business context in the name |
| comment | Profile description | Objects > Security Policy Template > Content Security | Can be copied directly into the template description |
| http | Enable antivirus inspection for HTTP traffic | Objects > Security Policy Template > Content Security | NGFW has HTTP inspection enabled by default |
| ftp | Enable antivirus inspection for FTP traffic | Objects > Security Policy Template > Content Security | NGFW has FTP inspection enabled by default |
| imap | Enable antivirus inspection for IMAP traffic | Objects > Security Policy Template > Content Security | NGFW has IMAP inspection enabled by default |
| pop3 | Enable antivirus inspection for POP3 traffic | Objects > Security Policy Template > Content Security | NGFW has POP3 inspection enabled by default |
| smtp | Enable antivirus inspection for SMTP traffic | Objects > Security Policy Template > Content Security | NGFW has SMTP inspection enabled by default |
| av-block-log | Log events in which a virus is blocked | Policies > Network Security > Policies | Logging is not part of the content security template; it is enabled per security policy that references the template |
Note: Antivirus inspection only sees plaintext. Traffic carried over TLS (HTTPS, SMTPS, POP3S, IMAPS) must be decrypted on the NGFW before the protocol settings above can take effect on it; otherwise encrypted sessions pass through unscanned.
Migrate to Sangfor NGFW
Because a FortiGate antivirus profile differs significantly from the NGFW content security template, it is recommended to first establish exactly what protection the FortiGate profile provides (which protocols are scanned and whether blocks are logged), then build an equivalent content security template on the Sangfor NGFW and reference that template from the security policy.
The content security template includes Email Protection, URL Filter, and File Protection. Email Protection inspects email content, filters attachments, and verifies emails with Engine Zero. URL Filter filters web page URLs that match the preset conditions. File Protection filters files and verifies them with Engine Zero. See the figure below.
Click Objects > Security Policy Template > Content Security to enter the Content Security page to add or delete content security policy templates. Click Add. The Add Template page appears, as shown below.
Name: Define the name of the template.
Description: Define the description of the template.
Email Protection: Detect email content, filter attachments, and verify emails with Engine Zero.
Server Port: Three ports are configured by default: 25 (SMTP), 110 (POP3), and 143 (IMAP). These are the plaintext ports; for an encrypted email protocol, enable decryption for Internet access, otherwise the mail content cannot be inspected.
Malicious Email Alert: When the user receives a malicious email, this alert will be added to the email subject.
URL Filter: Filter the URL addresses of web pages meeting the preset conditions.
File Protection: Filter files and verify files with Engine Zero.
Schedule: A time condition on the template. The template takes effect only during the selected time range; it references a time object defined on the Objects > Schedule page.
Advanced: Set relevant filter conditions, filter types, and thresholds for Email Protection, URL Filter, and File Protection.
File Protection
Filter files: Filter files of the selected formats that are uploaded or downloaded through HTTP.
Verify files with Engine Zero: Define the file extensions that require antivirus scanning. Only the file types in this list are scanned; a file type not listed passes without Engine Zero verification.
Protect downloads to internal servers: When a protected internal server itself connects to an external HTTP server, the files it downloads are subject to Engine Zero based file verification.
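To make the parameter mapping in the table above and the Email Protection / File Protection split described in this section concrete, the following is an added worked example (not code from the original page, and not a Sangfor or Fortinet tool). It parses FortiGate antivirus profiles written in the flat `set <protocol> {enable|disable}` form shown at the top of the page and produces, per profile, the settings an engineer would transfer into an NGFW content security template: which email server ports Email Protection needs, whether File Protection is required, whether logging must be enabled on the referencing security policy, and which protocols FortiGate had disabled (the NGFW enables them by default, so those are the rows where the two products differ). The sample configuration is constructed for the example. The grouping of FTP under File Protection alongside HTTP is an assumption; the page itself only names HTTP for File Protection.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input in the flat form shown on this page (not a real customer config).
SAMPLE_CONFIG = """\
config antivirus profile
    edit "av-web-mail"
        set comment "AV for user web and mail"
        set http enable
        set ftp disable
        set imap enable
        set pop3 enable
        set smtp disable
        set av-block-log enable
    next
    edit "av-http-only"
        set http enable
        set av-block-log disable
    next
end
"""

# Default Email Protection server ports named on this page (25/110/143).
EMAIL_PORTS = {"smtp": 25, "pop3": 110, "imap": 143}
# Assumption: FTP is treated with HTTP under File Protection; the page names only HTTP.
FILE_PROTOS = ("http", "ftp")


@dataclass
class AvProfile:
    name: str
    comment: str = ""
    protocols: dict = field(default_factory=dict)  # protocol -> True if "enable"
    av_block_log: bool = False


def parse_av_profiles(text):
    """Parse every 'edit ... next' entry inside 'config antivirus profile'."""
    profiles = []
    current = None
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config antivirus profile":
            in_block = True
            continue
        if not in_block:
            continue
        if line == "end":
            in_block = False
            continue
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = AvProfile(name=m.group(1))
            continue
        if line == "next" and current is not None:
            profiles.append(current)
            current = None
            continue
        m = re.match(r"set\s+(\S+)\s+(.*)$", line)
        if m and current is not None:
            key, val = m.group(1), m.group(2).strip().strip('"')
            if key == "comment":
                current.comment = val
            elif key == "av-block-log":
                current.av_block_log = val == "enable"
            elif key in EMAIL_PORTS or key in FILE_PROTOS:
                current.protocols[key] = val == "enable"
    return profiles


def to_sangfor_template(p):
    """Map one FortiGate profile onto the NGFW content security template fields."""
    email = [x for x in EMAIL_PORTS if p.protocols.get(x)]
    files = [x for x in FILE_PROTOS if p.protocols.get(x)]
    return {
        "name": p.name,                       # keep the name for business context
        "description": p.comment,             # copied directly
        "email_protection": bool(email),
        "email_server_ports": sorted(EMAIL_PORTS[x] for x in email),
        "file_protection": bool(files),
        "file_protocols": files,
        "policy_logging": p.av_block_log,     # set on the security policy, not the template
        # Protocols FortiGate did NOT scan; the NGFW template scans them by default,
        # so these are the rows to review consciously during migration.
        "disabled_on_fortigate": [x for x in (*FILE_PROTOS, *EMAIL_PORTS)
                                  if not p.protocols.get(x)],
    }


if __name__ == "__main__":
    for prof in parse_av_profiles(SAMPLE_CONFIG):
        print(to_sangfor_template(prof))
```

The `disabled_on_fortigate` list is the part worth reading before clicking Add on the NGFW: migrating a profile where FortiGate scanned only HTTP onto a template that inspects all five protocols by default widens coverage, which is usually desirable but changes what gets blocked in production. Remember also that TLS-wrapped variants of these protocols are invisible to either product unless decryption is enabled.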