Can I block IM by FortiGate firewalls

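This article describes how to use FortiGate devices to manage instant messaging (IM) applications, including blocking specific versions of IM software, blocking unlisted applications with intrusion protection signatures, viewing currently connected IM users, and setting bandwidth limits. It also covers logging, virtual domain configuration, and related topics.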

In FortiOS 3.0, you can use the CLI command config imp2p old-version to block IM versions older than the following:

  • MSN 6.0
  • ICQ 4.0
  • AIM 5.0
  • Yahoo 6.0

For details see the FortiGate CLI Reference.

How can I block IM applications that are not mentioned above?

You can block IM applications such as QQ and Google Talk by using Intrusion Protection signatures or custom signatures.

To block these applications, go to Intrusion Protection > Signature > Protocol Detection. Select the blue arrow for im_decoder to expand the list. Select Edit to change the settings.

What is the maximum number of supported IM users?

The number varies between FortiGate models. See the Fortinet Knowledge Center article FortiGate Maximum Values Matrix. Note that the maximum values only apply to IM management, not to AV/file blocking.

How can I see which IM users are currently connected?

You can view the current users at IM/P2P > User > Current Users.

Why can't I block an IM user logon?

Changes to IM protection profile options made while IM users are logged in take effect only upon their next logon. You cannot disconnect currently logged-on users by enabling logon blocking.

Can I block IM users who use the HTTP port or another non-standard port to get around the firewall?

Yes. You can enable "Inspect Non-Standard port" on the protection profile.

What if a virtual domain is used? Is IM virtualized?

You can only configure content profiles and IM settings in the global configuration. You can apply protection profiles in virtual domains, but not create or modify them. Therefore, IM is "virtualized".

Can I enforce that my IM users use consistent versions that are patched against known vulnerabilities?

FortiGate devices do not provide patch or application management capabilities.

Will I be able to log IM transaction information?

Yes, you can view IM transaction information within the content log. The FortiGate unit saves content logs to a FortiAnalyzer unit. You can view IM violations in the logs by going to Log&Report > Log Access and selecting IM/P2P from the Log Type list.

Can I log IM chat information and its limitation?

Yes, by enabling "Archive full IM chat info to FortiAnalyzer" in the protection profile.

Can I enforce schedules for IM usage?

Yes, by using firewall policies.

How can I protect my IM users against the latest possible attacks?

Ensure you have a FortiGuard subscription to automatically receive IPS updates. Go to Intrusion Protection > Signature > Predefined. Select the blue arrow for IM and ensure that the signatures are enabled.

Can I manage Skype users?

Skype is a P2P application and can only be managed as such.

What is the rate limit for?

Use the rate limit to block or limit the amount of bandwidth consumed by P2P protocols, and more effectively manage limited Internet resources.

Can I block P2P applications that are not listed?

Go to Intrusion Protection > Signature > Protocol Decoder. Select the blue arrow for p2p_decoder to expand the listing. You can also create custom signatures. 
