Configuring firewall policies
IPSec firewall policy options
SSL-VPN firewall policy options
Note: If you set both guaranteed bandwidth and maximum bandwidth to 0 (zero),
the policy does not allow any traffic.
When Action is set to IPSEC, the following options are available:
Figure 124: IPSEC encryption policy
VPN Tunnel
Select the VPN tunnel name defined in the phase 1 configuration. The
specified tunnel will be subject to this firewall encryption policy.
Allow Inbound
Select to enable traffic from a dialup client or computers on the remote
private network to initiate the tunnel.
Allow outbound
Select to enable traffic from computers on the local private network to
initiate the tunnel.
Inbound NAT
Select to translate the source IP addresses of inbound decrypted
packets into the IP address of the FortiGate interface to the local
private network.
Outbound NAT
Select in combination with a natip CLI value to translate the source
addresses of outbound cleartext packets into the IP address that you
specify. Do not select Outbound NAT unless you specify a natip
value through the CLI. When a natip value is specified, the source
addresses of outbound IP packets are replaced before the packets
are sent through the tunnel. For more information, see the "firewall"
chapter of the FortiGate CLI Reference.
Note: Route-based (interface mode) IPSec tunnels are not configured the same way as
tunnel mode IPSec tunnels: instead of defining a (tunnel mode "IPSEC") firewall encryption
policy to permit VPN connections and control IP traffic through the tunnel, one binds a
route-based VPN tunnel to an IPSec virtual interface, and then specifies the IPSec virtual
interface as a source or destination interface in a regular (ACCEPT or DENY) firewall
policy.
For more information, see the "Defining a firewall encryption policy" chapter of the
FortiGate IPSec VPN User Guide.
When Action is set to SSL-VPN, the following options are available:
Note: The SSL-VPN option is available from the Action list after one or more SSL VPN user
groups have been created. To create user accounts and SSL VPN user groups, see
"Configuring SSL VPN user group options" on page 332.
Figure 125: SSL-VPN encryption policy
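The Outbound NAT rule in the IPSEC options above (do not select Outbound NAT without a natip value) can be checked against a saved configuration. The script below is an added example, not part of the Fortinet guide: it parses a constructed "config firewall policy" block and lists IPSEC policies that enable Outbound NAT with no natip. It assumes the CLI keyword behind the Outbound NAT checkbox is natoutbound and that an unset natip appears as absent or 0.0.0.0.

```python
import shlex

# Constructed sample in FortiGate CLI layout (not taken from the guide).
# Assumption: "natoutbound" is the CLI keyword for the Outbound NAT option.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set action ipsec
        set vpntunnel "branch-a"
        set natoutbound enable
    next
    edit 2
        set action ipsec
        set vpntunnel "branch-b"
        set natoutbound enable
        set natip 192.0.2.10 255.255.255.255
    next
    edit 3
        set action accept
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {keyword: [values]}} from the firewall policy block."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # honours the CLI's double-quoted values
        if tokens[:3] == ["config", "firewall", "policy"]:
            in_block = True
        elif not in_block or not tokens:
            continue
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = policies.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) > 1:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "end":
            in_block = False
    return policies

def outbound_nat_without_natip(policies):
    """IDs of IPSEC policies with natoutbound enabled but natip unset or 0.0.0.0."""
    return [
        pid for pid, o in policies.items()
        if o.get("action") == ["ipsec"] and o.get("natoutbound") == ["enable"]
        and (o.get("natip") or ["0.0.0.0"])[0] == "0.0.0.0"
    ]
```

For the sample, `outbound_nat_without_natip(parse_policies(SAMPLE_CONFIG))` reports policy 1 only; policy 2 sets a natip and policy 3 is not an IPSEC policy.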
FortiGate Version 3.0 MR4 Administration Guide
Firewall Policy
01-30004-0203-20070102