Table of Contents
Advertisement
Addresses
Enabling and disabling policies
Addresses
NO
148
3
Choose a policy to move and select Move To
4
Type a number in the Move to field to specify where in the policy list to move the policy
and select OK.
You can enable and disable policies in the policy list to control whether the policy is
active or not. The FortiGate unit matches enabled policies but does not match
disabled policies.
Disabling a policy
Disable a policy to temporarily prevent the firewall from selecting the policy. Disabling
a policy does not stop active communications sessions that have been allowed by the
policy. To stop active communication sessions, see
1
Go to Firewall > Policy.
2
Select the policy list containing the policy to disable.
3
Clear the check box of the policy to disable.
Enabling a policy
Enable a policy that has been disabled so that the firewall can match connections with
the policy.
1
Go to Firewall > Policy.
2
Select the policy list containing the policy to enable.
3
Select the check box of the policy to enable.
All policies require source and destination addresses. To add addresses to a policy
between two interfaces, you must first add addresses to the address list for each
interface.
You can add, edit, and delete all firewall addresses as required. You can also organize
related addresses into address groups to simplify policy creation.
A firewall address consists of an IP address and a netmask. This information can
represent:
•
The address of a subnet (for example, for a class C subnet,
IP address: 192.168.20.0 and Netmask: 255.255.255.0).
•
A single IP address (for example, IP Address: 192.168.20.1 and
Netmask: 255.255.255.255)
•
All possible IP addresses (represented by IP Address: 0.0.0.0 and Netmask:
0.0.0.0)
Note: IP address: 0.0.0.0 and Netmask: 255.255.255.255 is not a valid firewall address.
Firewall configuration
to change its order in the policy list.
"System status" on page
85.
Fortinet Inc.
Advertisement
Table of Contents
