Which configuration on FortiSASE is allowing users to perform the download?

Refer to the exhibits.

A FortiSASE administrator has configured an antivirus profile in the security profile group and applied it to the internet access policy. Remote users are still able to download the eicar.com-zip file from https://eicar.org. Traffic logs show traffic is allowed by the policy.

Which configuration on FortiSASE is allowing users to perform the download?
A . Web filter is allowing the traffic.
B . IPS is disabled in the security profile group.
C . The HTTPS protocol is not enabled in the antivirus profile.
D . Force certificate inspection is enabled in the policy.

Answer: A

Explanation:

Based on the provided exhibits and the configuration details, the reason why users are still able to

download the eicar.com-zip file despite having an antivirus profile applied is due to the Web Filter allowing the traffic.

Here is the step-by-step detailed explanation:

Web Filtering Logs Analysis:

The logs show that the traffic to the destination port 443 (which is HTTPS) is allowed and the security event triggered is Web Filter.

The log details indicate that the URL belongs to an allowed category in the policy and thus, the traffic is permitted by the Web Filter.

Security Profile Group Configuration:

The Web Filter with Inline-CASB section indicates that the site www.eicar.org is being monitored (93 occurrences) and not blocked.

Since the Web Filter is set to allow traffic from this site, the antivirus profile will not block it because the Web Filter decision takes precedence.

Antivirus Profile Configuration:

Although the antivirus profile is configured, the logs do not show any antivirus actions being triggered. This indicates that the web filter is overriding the antivirus action.

Policy Configuration:

The policy named "Web Traffic" shows that it has logging enabled and is set to accept traffic.

The profile group "SIA" applied to this policy includes both Web Filter and Antivirus settings.

However, since the Web Filter is allowing the traffic, the antivirus profile does not get the chance to inspect it.

Reference: FortiGate Security 7.2 Study Guide: Provides details on the precedence of web filtering over antivirus in security profiles.

Fortinet Knowledge Base: Detailed explanation of web filtering and antivirus profiles interaction.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments