Configure The Firewall Policies - Fortinet FortiWiFi FortiWiFi-60B Install Manual

Setting up the FortiWiFi unit as an access point

Configure the firewall policies

50
You need to add at least two firewall policies to enable the flow of traffic from the
wireless port (your wireless users) and the WAN1 port (access to the Internet).
First, create an outgoing firewall policy that allows traffic from the wireless port to
the Internet, so wireless users can send data to the Internet.
These policies are using the Scan protection profile, which is a default protection
profile for scanning traffic for viruses. For information on creating and configuring
your own protection profiles, see the FortiGate Administration Guide.
To create and outgoing firewall policy
1 Go to Firewall > Policy.
2 Select the blue arrow for WLAN to WAN1.
3 Select Create New.
Configure the following settings and select OK:
Interface/Zone Source
Interface/Zone
Destination
Address Name Source
Address Name
Destination
Schedule
Service
Action
NAT
Protection Profile
Next, create an incoming firewall policy that allows traffic from the Internet through
to the wireless network port so wireless users can receive data from the Internet.
To create and incoming firewall policy
4 Go to Firewall > Policy.
5 Select the blue arrow for WAN1 to WLAN.
6 Select Create New.
Configure the following settings and select OK:
Interface/Zone Source
Interface/Zone
Destination
Address Name Source
Address Name
Destination
Schedule
Service
Action
NAT
Protection Profile
WLAN
WAN1
All
All
Always
ANY
ACCEPT
Enable
Scan
WAN1
WLAN
All
All
Always
ANY
ACCEPT
Enable
Scan
FortiWiFi-60B FortiOS 3.0 MR6 Install Guide
Using a wireless network
01-30006-0447-20080131