Which statement is correct regarding virus scanning on a FortiGate unit?

The statement regarding virus scanning on a FortiGate unit that is correct is that virus scanning must be enabled in a security profile, which must be applied to a firewall policy. This reflects the operational process of configuring virus scanning on FortiGate devices.

To utilize virus scanning, an administrator must first create a security profile that includes virus scanning settings. Once the profile is configured, it needs to be associated with a specific firewall policy for it to be effective. This means that simply having virus scanning capabilities does not activate them across the device or network; the administrator has to explicitly include the scanning profile in the relevant traffic management configurations.

This structured approach ensures that virus scanning applies specifically to the traffic flows defined by those firewall policies, allowing for detailed and tailored security measures according to organizational needs. Without applying the profile to a policy, the scanning function would not engage, making it essential to bridge the two components for effective virus protection.