Table of Contents
Advertisement
Adding firewall policies
118
VPN Tunnel
Select a VPN tunnel for an ENCRYPT policy. You can select an AutoIKE key or
Manual Key tunnel. VPN Tunnel is not available in Transparent mode.
Allow inbound
Select Allow inbound so that users behind the remote VPN gateway can
connect to the source address.
Allow outbound Select Allow outbound so that users can connect to the destination address
behind the remote VPN gateway.
Inbound NAT
Select Inbound NAT to translate the source address of incoming packets to
the FortiGate internal IP address.
Outbound NAT Select Outbound NAT to translate the source address of outgoing packets to
the FortiGate external IP address.
Traffic Shaping
Traffic Shaping controls the bandwidth available to and sets the priority of the traffic
processed by the policy. Traffic Shaping makes it possible to control which policies
have the highest priority when large amounts of data are moving through the
FortiGate device. For example, the policy for the corporate web server might be given
higher priority than the policies for most employees' computers. An employee who
needs unusually high-speed Internet access could have a special outgoing policy set
up with higher bandwidth.
If you set both guaranteed bandwidth and maximum bandwidth to 0 the policy does
not allow any traffic.
Guaranteed
You can use traffic shaping to guarantee the amount of bandwidth available
through the firewall for a policy. Guarantee bandwidth (in Kbytes) to make
Bandwidth
sure that there is enough bandwidth available for a high-priority service.
Maximum
You can also use traffic shaping to limit the amount of bandwidth available
through the firewall for a policy. Limit bandwidth to keep less important
Bandwidth
services from using bandwidth needed for more important services.
Traffic Priority
Select High, Medium, or Low. Select Traffic Priority so that the FortiGate unit
manages the relative priorities of different types of traffic. For example, a
policy for connecting to a secure web server needed to support e-commerce
traffic should be assigned a high traffic priority. Less important services
should be assigned a low priority. The firewall provides bandwidth to low-
priority connections only when bandwidth is not needed for high-priority
connections.
Authentication
Select Authentication and select a user group to require users to enter a user name
and password before the firewall accepts the connection. Select the user group to
control the users that can authenticate with this policy. To add and configure user
groups, see
"Configuring user groups" on page
you can select Authentication.
You can select Authentication for any service. Users can authenticate with the firewall
using HTTP, Telnet, or FTP. For users to be able to authenticate you must add an
HTTP, Telnet, or FTP policy that is configured for authentication. When users attempt
to connect through the firewall using this policy they are prompted to enter a firewall
username and password.
Firewall configuration
151. You must add user groups before
Fortinet Inc.
Advertisement
Table of Contents
