Advanced Policy Options - Fortinet FortiGate FortiGate-1000A Administration Manual
Fortinet fortigate fortigate-1000a: user guide
Hide thumbs
Also See for FortiGate FortiGate-1000A:
- Install manual (58 pages) ,
- Quick start manual (2 pages) ,
- Administration manual (458 pages)
Table of Contents
Advertisement
Policy
Advanced policy options
208
NAT
Select NAT to enable Network Address Translation for the policy. NAT translates the
source address and port of packets accepted by the policy. If you select NAT, you can
also select Dynamic IP Pool and Fixed Port. NAT is not available in Transparent
mode.
Dynamic IP Pool Select Dynamic IP Pool to translate the source address to an address
randomly selected from an IP Pool. An IP Pool can be a single IP address or
an IP address range. An IP pool list appears if IP Pool addresses have been
added to the destination interface or zone.
Select ANY IP Pool to cause the FortiGate unit to select any IP address in
any IP Pool added to the destination interface or zone.
Select the name of an IP Pool added to the destination interface or zone
cause the FortiGate unit to translate the source address to one of the
addresses defined by this IP Pool.
You cannot select Dynamic IP Pool if the destination interface, VLAN
subinterface or if one of the interfaces or VLAN subinterfaces in the
destination zone is configured using DHCP or PPPoE.
For information about adding IP Pools, see
Fixed Port
Select Fixed Port to prevent NAT from translating the source port.
Some applications do not function correctly if the source port is changed. In
most cases, if you select Fixed Port, you would also select Dynamic IP pool.
If you do not select Dynamic IP pool, a policy with Fixed Port selected can
only allow one connection at a time.
Protection Profile
Select a protection profile to configure how antivirus, web filtering, web category
filtering, spam filtering, IPS, and content archiving are applied to a firewall policy. For
information about adding and configuring Protection profiles, see
on page
237.
If you are configuring authentication in the advanced settings, you do not need to
choose a protection profile since the user group chosen for authentication are already
tied to protection profiles. For more information about adding authentication to firewall
policies, see
"Authentication" on page
Log Traffic
Select Log Traffic to record messages to the traffic log whenever the policy processes
a connection. You must also enable traffic log for a logging location (syslog,
WebTrends, local disk if available, memory, or FortiLog) and set the logging severity
level to Notification or lower. For information about logging see
page
361.
Advanced
Select advanced to show advanced policy options.
When configuring a firewall policy, select Advanced to configure advanced firewall
policies.
01-28011-0254-20051115
"IP pool" on page
209.
Firewall
234.
"Protection profile"
"Log & Report" on
Fortinet Inc.
Advertisement
Table of Contents
