Firewall Policy Example - Fortinet FortiGate FortiGate-800 Installation And Configuration Manual

Fortinet network device installation and configuration guide
Configuration example: Multiple connections to the Internet

Firewall policy example

Firewall policies control how traffic flows through the FortiGate unit. After you
configure routing for multiple Internet connections, you must create firewall policies.
Firewall policies control which traffic is allowed through the FortiGate unit and the
interfaces that this traffic can connect through.
For traffic originating on the internal network to be able to connect to the Internet
through both Internet connections, you must add redundant policies from the internal
interface to each interface that connects to the Internet. After you add these policies,
the routing configuration controls which Internet connection is used.
Adding a redundant default policy
Figure 9 on page 51 shows a FortiGate unit connected to the Internet using its internal
and DMZ interfaces. The default policy allows all traffic from the internal network to
connect to the Internet through the external interface. If you add a similar policy to the
internal to DMZ policy list, this policy allows all traffic from the internal network to
connect to the Internet through the DMZ interface. With both these policies added to
the firewall configuration, the routing configuration determines which Internet
connection the traffic from the internal network uses. For more information about the
default policy, see "Default firewall configuration" on page 186.
To add a redundant default policy
1 Go to Firewall > Policy > Internal->DMZ.
2 Select New.
3 Configure the policy to match the default policy.
    Source        Internal_All
    Destination   DMZ_All
    Schedule      Always
    Service       ANY
    Action        Accept
    NAT           Select NAT.
4 Select OK to save the changes.
Adding more firewall policies
In most cases your firewall configuration includes more than the default policy.
However, the basic premise of creating redundant policies applies even as the firewall
configuration becomes more complex. To configure the FortiGate unit to use multiple
Internet connections you must add duplicate policies for connections between the
internal network and both interfaces connected to the Internet. As well, as you add
redundant policies, you must arrange them in both policy lists in the same order.
NAT/Route mode installation
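The mirroring rule above (every Internal->External policy needs an Internal->DMZ twin, and both lists must be in the same order) is easy to get wrong by hand as the policy lists grow, so it is worth checking mechanically. The following Python script is an added example, not code from the Fortinet manual: the Policy record, the redundant_policy_for and check_redundant_policies functions and the two sample policy lists are constructed here to illustrate the idea and do not correspond to any FortiGate export format. It derives the DMZ copy of each external policy the way step 3 of the procedure does by hand, and then reports policies that are out of order or missing from one of the lists.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """One firewall policy, with the fields the manual's policy table lists (constructed model)."""
    source: str        # e.g. Internal_All
    destination: str   # address on the outgoing interface, e.g. External_All or DMZ_All
    schedule: str      # e.g. Always
    service: str       # e.g. ANY, HTTP, SMTP
    action: str        # Accept or Deny
    nat: bool          # whether NAT is selected


def policy_key(policy: Policy) -> tuple:
    """Fields that must agree between the two redundant policies.

    The destination address is deliberately left out: the Internal->External
    copy uses External_All while the Internal->DMZ copy uses DMZ_All.
    """
    return (policy.source, policy.schedule, policy.service, policy.action, policy.nat)


def describe(policy: Policy) -> str:
    nat = " NAT" if policy.nat else ""
    return f"{policy.source} -> {policy.destination} {policy.service} {policy.action}{nat}"


def redundant_policy_for(policy: Policy, destination: str) -> Policy:
    """Build the matching policy for the second Internet-facing interface."""
    return Policy(policy.source, destination, policy.schedule,
                  policy.service, policy.action, policy.nat)


def check_redundant_policies(first: list, second: list) -> list:
    """Compare two policy lists that should mirror each other.

    Returns a list of human-readable problems; an empty list means every
    policy has a counterpart and both lists are in the same order.
    """
    problems = []
    # FortiGate evaluates policies top-down, so compare position by position.
    for pos, (a, b) in enumerate(zip(first, second), start=1):
        if policy_key(a) != policy_key(b):
            problems.append(
                f"position {pos}: '{describe(a)}' is paired with '{describe(b)}'")
    # Independently of order, report policies that have no counterpart at all.
    first_keys = {policy_key(p) for p in first}
    second_keys = {policy_key(p) for p in second}
    for p in first:
        if policy_key(p) not in second_keys:
            problems.append(f"no counterpart in second list for '{describe(p)}'")
    for p in second:
        if policy_key(p) not in first_keys:
            problems.append(f"no counterpart in first list for '{describe(p)}'")
    return problems


# Constructed sample lists (not a real FortiGate configuration).
HTTP_EXT = Policy("Internal_All", "External_All", "Always", "HTTP", "Accept", True)
SMTP_EXT = Policy("Internal_All", "External_All", "Always", "SMTP", "Accept", True)
DEFAULT_EXT = Policy("Internal_All", "External_All", "Always", "ANY", "Accept", True)
INTERNAL_TO_EXTERNAL = [HTTP_EXT, SMTP_EXT, DEFAULT_EXT]

# Mirror each policy onto the DMZ interface, as the manual's procedure does by hand.
INTERNAL_TO_DMZ = [redundant_policy_for(p, "DMZ_All") for p in INTERNAL_TO_EXTERNAL]

# Two misconfigurations the check should catch: swapped order and a missing copy.
DMZ_WRONG_ORDER = [INTERNAL_TO_DMZ[1], INTERNAL_TO_DMZ[0], INTERNAL_TO_DMZ[2]]
DMZ_MISSING_SMTP = [INTERNAL_TO_DMZ[0], INTERNAL_TO_DMZ[2]]


if __name__ == "__main__":
    for name, dmz in [("mirrored", INTERNAL_TO_DMZ),
                      ("wrong order", DMZ_WRONG_ORDER),
                      ("missing SMTP", DMZ_MISSING_SMTP)]:
        found = check_redundant_policies(INTERNAL_TO_EXTERNAL, dmz)
        print(f"{name}: {'OK' if not found else ''}")
        for line in found:
            print("  " + line)
```

The positional comparison matters because the FortiGate matches the first policy that fits the traffic: a list that contains the right policies in a different order still behaves differently on the DMZ path than on the external path, which is exactly the case the manual warns about.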
Fortinet Inc.
