Fortigate IPS, DNS/WEB Filter, Domain & IP Reputation

 Fortigate 啟用 Fortigate IPS, DNS/WEB Filter, Domain & IP Reputation 相關功能

• 在 Fortigate 要使用一些功能，必須先到［Feature Visibility] 中啟用該功能。
  
  

DNS Filter

Apply DNS category filtering, URL filtering to control user's access to web resources. Set up DNS Filter Profiles (Security Profiles > DNS Filter) and add them to Firewall Policies or add them to a DNS Server on a FortiGate interface. Some features require a subscription to FortiGuard Web Filtering.

Web Filter

Apply web category filtering, URL filtering, and content filtering to control user's access to web resources. Set up Web Filter Profiles (Security Profiles > Web Filter) and add them to Firewall Policies. Some features require a subscription to FortiGuard Web Filtering.

前兩項，個人認為比較偏向 Client (Outgoing)，避免去到惡意的網站或網址

Domain & IP Reputation

Enable the Reputation Lookup feature. This page allows querying of reputations for IPs or FQDNs as classified in FortiGuard databases. Databases require a valid FortiGuard subscription.

Intrusion Prevention

Detect and block network-based attacks. Set up IPS Sensors (under Security Profiles > Intrusion Prevention) and add them to Security Policies. Requires a subscription to FortiGuard IPS.

 在[Intrusion Prevention]，可{Disable | Block | Monitor} [Botnet C&C]  

後兩項，偏向 Server (Incoming)，避免已知惡意來源的連線

Domain & IP Reputation

Enable the Reputation Lookup feature. This page allows querying of reputations for IPs or FQDNs as classified in FortiGuard databases. Databases require a valid FortiGuard subscription.

此項目在自訂 Domain / IP List。用來定義黑名單。