Scenario Two: Enterprise Sized Business - Fortinet Fortigate-5000 series Administration Manual


Firewall Policy

Scenario two: enterprise sized business

FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102
Located in a large city, the library system is anchored by a main downtown
location serving most of the population, with more than a dozen branches spread
throughout the city. Each branch is wired to the Internet but none are linked with
each other by dedicated connections.
The current network topology at the main location consists of three user
groups. The main branch staff and public terminals access the servers in the DMZ
behind the firewall. The catalog access terminals directly access the catalog
server without first going through the firewall.
The topology at the branch office has all three user groups accessing the servers
at the main branch via unsecured Internet connections.
Figure 129: The library system's current network topology
The library must be able to set different access levels for patrons and staff
members.
The first firewall policy for main office staff members allows full access to the
Internet at all times. A second policy will allow direct access to the DMZ for staff
members. A second pair of policies is required to allow branch staff members
the same access.
The staff firewall policies will all use a protection profile configured specifically for
staff access. Enabled features include virus scanning, spam filtering, IPS, and
blocking of all P2P traffic. FortiGuard web filtering is also used to block
advertising, malware, and spyware sites.
Firewall policy examples