Firewall Policy Options - Fortinet FortiGate FortiGate-60R Installation And Configuration Manual

Firewall configuration

Firewall policy options

FortiGate-60R Installation and Configuration Guide
This section describes the options that you can add to firewall policies.

Source
Select an address or address group that matches the source address of the packet. Before you can add this address to a policy, you must add it to the source interface. To add an address, see "Addresses" on page 148.

Destination
Select an address or address group that matches the destination address of the packet. Before you can add this address to a policy, you must add it to the destination interface. To add an address, see "Addresses" on page 148.
For NAT/Route mode policies where the address on the destination network is hidden from the source network using NAT, the destination can also be a virtual IP that maps the destination address of the packet to a hidden destination address. See "Virtual IPs" on page 158.

Schedule
Select a schedule that controls when the policy is available to be matched with connections. See "Schedules" on page 155.

Service
Select a service that matches the service (port number) of the packet. You can select from a wide range of predefined services or add custom services and service groups. See "Services" on page 151.

Action
Select how the firewall should respond when the policy matches a connection attempt.

ACCEPT
Accept the connection. If you select ACCEPT, you can also configure NAT and Authentication for the policy.

DENY
Deny the connection. The only other policy option that you can configure is log traffic, to log the connections denied by this policy.

ENCRYPT
Make this policy an IPSec VPN policy. If you select ENCRYPT, you can select an AutoIKE key or Manual Key VPN tunnel for the policy and configure other IPSec settings. You cannot add authentication to an ENCRYPT policy. ENCRYPT is not available in Transparent mode. See "Configuring encrypt policies" on page 194.

NAT
Configure the policy for NAT. NAT translates the source address and the source port of packets accepted by the policy. If you select NAT, you can also select Dynamic IP Pool and Fixed Port. NAT is not available in Transparent mode.
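
The option rules above can be checked mechanically when reviewing a policy set. The following Python sketch is an added example, not code from the manual or from Fortinet: the Policy class, its field names, the validate and matches functions, and the single daily time window used to model a schedule are all assumptions made for illustration.

```python
# Added example: hypothetical model of the policy options described in this section.
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass
class Policy:
    source: list        # address group, as CIDR strings (assumed representation)
    destination: list   # address group, as CIDR strings
    schedule: tuple     # (start, end) daily window; a simplification of a schedule
    service: set        # destination port numbers
    action: str         # ACCEPT, DENY or ENCRYPT
    nat: bool = False
    dynamic_ip_pool: bool = False
    fixed_port: bool = False
    authentication: bool = False

def validate(p, mode):
    """List option combinations this section rules out; mode is 'NAT/Route' or 'Transparent'."""
    errors = []
    if p.action not in ("ACCEPT", "DENY", "ENCRYPT"):
        errors.append("unknown action")
    if p.action == "DENY" and (p.nat or p.authentication):
        errors.append("DENY allows only log traffic")
    if p.action == "ENCRYPT" and p.authentication:
        errors.append("ENCRYPT cannot use authentication")
    if mode == "Transparent" and p.action == "ENCRYPT":
        errors.append("ENCRYPT not available in Transparent mode")
    if mode == "Transparent" and p.nat:
        errors.append("NAT not available in Transparent mode")
    if (p.dynamic_ip_pool or p.fixed_port) and not p.nat:
        errors.append("Dynamic IP Pool and Fixed Port require NAT")
    return errors

def in_group(addr, group):
    return any(ip_address(addr) in ip_network(net) for net in group)

def matches(p, src, dst, port, now):
    """True when schedule, service, source and destination all match the connection attempt."""
    start, end = p.schedule
    # A window that wraps past midnight (22:00 to 06:00) is active late evening and early morning.
    active = start <= now < end if start <= end else (now >= start or now < end)
    return active and port in p.service and in_group(src, p.source) and in_group(dst, p.destination)

# Constructed sample policy: internal subnet to any destination, web ports, office hours, with NAT.
web_out = Policy(["192.168.1.0/24"], ["0.0.0.0/0"], (time(8, 0), time(18, 0)),
                 {80, 443}, "ACCEPT", nat=True, fixed_port=True)
```

Running validate against each policy for the unit's operating mode flags settings that would be rejected or silently unavailable, such as a NAT policy carried over to a unit in Transparent mode.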
