SAMENVATTING MOD 3 4 5 SECURITY 2 + cheatsheet + questions
✅ CYBERSECURITY SUMMARY – Les 4 + Les 5 + Les 6 (FULL SUMMARY)
(Based entirely on your 3 uploaded PDFs)
📌 LES 4 — UTM, INSPECTION MODES & WEB FILTERING
1. UTM – Unified Threat Management
A FortiGate bundles multiple security features:
✔ Antivirus & Anti-malware
✔ Application Control
✔ Web Filtering
✔ DNS Filtering
✔ IPS (Intrusion Prevention)
✔ VPN
✔ DLP
2. Inspection Modes
🔹 Flow-Based (Default)
Fastest
Low CPU usage
Scans packets as they pass
Limited features
No modification of packets
Use when:
Basic filtering
High performance needed
🔹 Proxy-Based
Full reconstruction of packets
Highest visibility
Supports advanced features
Adds latency
Use when:
Content must be analyzed
, SSL Deep Inspection
Application Control deep detection
Antivirus scanning is required
3. NGFW Modes
Profile-Based (what YOU always use)
You create profiles (web filter, app control, AV)
You attach them to firewall policies
Most control and security
Policy-Based (not used in class)
Web filter & app control set directly on the policy
Less control, no per-profile settings
4. Web Filtering
Filtering happens based on:
Domain
URL
Categories (FortiGuard)
Static URLs (exact, wildcard, regex)
Actions:
Allow
Block
Monitor
Warning
Authenticate (user login required)
Important:
SSL Inspection must be on certificate inspection minimum,
otherwise FortiGate cannot see HTTPS domain information.
5. SSL Inspection
No Inspection
Only IP/port visible
Not enough for categories or filters
Default but weak
✅ CYBERSECURITY SUMMARY – Les 4 + Les 5 + Les 6 (FULL SUMMARY)
(Based entirely on your 3 uploaded PDFs)
📌 LES 4 — UTM, INSPECTION MODES & WEB FILTERING
1. UTM – Unified Threat Management
A FortiGate bundles multiple security features:
✔ Antivirus & Anti-malware
✔ Application Control
✔ Web Filtering
✔ DNS Filtering
✔ IPS (Intrusion Prevention)
✔ VPN
✔ DLP
2. Inspection Modes
🔹 Flow-Based (Default)
Fastest
Low CPU usage
Scans packets as they pass
Limited features
No modification of packets
Use when:
Basic filtering
High performance needed
🔹 Proxy-Based
Full reconstruction of packets
Highest visibility
Supports advanced features
Adds latency
Use when:
Content must be analyzed
, SSL Deep Inspection
Application Control deep detection
Antivirus scanning is required
3. NGFW Modes
Profile-Based (what YOU always use)
You create profiles (web filter, app control, AV)
You attach them to firewall policies
Most control and security
Policy-Based (not used in class)
Web filter & app control set directly on the policy
Less control, no per-profile settings
4. Web Filtering
Filtering happens based on:
Domain
URL
Categories (FortiGuard)
Static URLs (exact, wildcard, regex)
Actions:
Allow
Block
Monitor
Warning
Authenticate (user login required)
Important:
SSL Inspection must be on certificate inspection minimum,
otherwise FortiGate cannot see HTTPS domain information.
5. SSL Inspection
No Inspection
Only IP/port visible
Not enough for categories or filters
Default but weak
