Table of Contents
Advertisement
Factory default FortiGate configuration settings
Factory default firewall configuration
34
The factory default firewall configuration is the same in NAT/Route and Transparent
mode.
Table 5: Factory default firewall configuration
Internal
Internal_All
Address
WAN1
WAN1_All
Address
DMZ
DMZ_All
Address
Recurring
Always
Schedule
Firewall
Internal->WAN1
Policy
Source
Destination WAN1_All
Schedule
Service
Action
NAT
Traffic Shaping
Authentication
Antivirus & Web Filter
Content
Profile
Log Traffic
IP: 0.0.0.0
Represents all of the IP addresses on the internal
network.
Mask: 0.0.0.0
IP: 0.0.0.0
Represents all of the IP addresses on the network
connected to the WAN1 interface.
Mask: 0.0.0.0
IP: 0.0.0.0
Represents all of the IP addresses on the network
connected to the DMZ interface.
Mask: 0.0.0.0
The schedule is valid at all times. This means that
the firewall policy is valid at all times.
Firewall policy for connections from the internal
network to the external network.
Internal_All
The policy source address. Internal_All means that
the policy accepts connections from any internal IP
address.
The policy destination address. WAN1_All means
that the policy accepts connections with a
destination address to any IP address on the
external (WAN1) network.
Always
The policy schedule. Always means that the policy
is valid at any time.
ANY
The policy service. ANY means that this policy
processes connections for all services.
ACCEPT
The policy action. ACCEPT means that the policy
allows connections.
NAT is selected for the NAT/Route mode default
policy so that the policy applies network address
translation to the traffic processed by the policy.
NAT is not available for Transparent mode policies.
Traffic shaping is not selected. The policy does not
apply traffic shaping to the traffic controlled by the
policy. You can select this option to control the
maximum or minimum amount of bandwidth
available to traffic processed by the policy.
Authentication is not selected. Users do not have to
authenticate with the firewall before connecting to
their destination address. You can configure user
groups and select this option to require users to
authenticate with the firewall before they can
connect through the firewall.
Antivirus & Web Filter is selected.
Scan
The scan content profile is selected. The policy
scans all HTTP, FTP, SMTP, POP3, and IMAP
traffic for viruses. See
page 36
for more information about the scan
content profile. You can select one of the other
content profiles to apply different levels of content
protection to traffic processed by this policy.
Log Traffic is not selected. This policy does not
record messages to the traffic log for the traffic
processed by this policy. You can configure
FortiGate logging and select Log Traffic to record all
connections through the firewall that are accepted
by this policy.
Getting started
"Scan content profile" on
Fortinet Inc.
Advertisement
Table of Contents
