Firewall Policy; About Firewall Policies - Fortinet Fortigate-5000 series Administration Manual

Firewall Policy

FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102

Firewall policies control all traffic passing through the FortiGate unit. Add firewall
policies to control connections and traffic between FortiGate interfaces, zones,
and VLAN subinterfaces.

The following topics are included in this section:

About firewall policies
Viewing the firewall policy list
Configuring firewall policies
Firewall policy examples

About firewall policies

Firewall policies are instructions the FortiGate unit uses to decide what to do with
a connection request. When the firewall receives a connection request in the form
of a packet, it analyzes the packet to extract its source address, destination
address, and service (by port number).

For the packet to be connected through the FortiGate unit, the source address,
destination address, and service of the packet must match a firewall policy. The
policy directs the firewall action on the packet. The action can be to allow the
connection, deny the connection, require authentication before the connection is
allowed, or process the packet as an IPSec VPN packet.

Each policy can be configured to route connections or apply network address
translation (NAT) to translate source and destination IP addresses and ports. Add
IP pools to use dynamic NAT when the firewall translates source addresses. Use
policies to configure port address translation (PAT) through the FortiGate unit.

Add protection profiles to firewall policies to apply different protection settings for
the traffic that is controlled by firewall policies. For details about protection
profiles, see "Firewall Protection Profile" on page 271.

Enable traffic logging for a firewall policy so the FortiGate unit logs all connections
that use this policy.

The firewall matches policies by searching for a match starting at the top of the
policy list and moving down until it finds the first match. Arrange policies in the
policy list from more specific to more general. For example, the default policy is a
very general policy because it matches all connection attempts. Exceptions to that
policy are added to the policy list above the default policy. No policy below the
default policy will ever be matched.

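
The first-match search described above can be modelled in a few lines. The following Python sketch is an added example, not FortiGate code or configuration syntax: the Policy fields, the port-range stand-in for a service, and the sample addresses are assumptions made for illustration. It evaluates a packet against an ordered list and reports policies that can never match because a single policy above them already covers all of their traffic.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Policy:
    pid: int
    src: str       # source network (CIDR)
    dst: str       # destination network (CIDR)
    ports: tuple   # (low, high) destination ports standing in for the service
    action: str    # "accept" or "deny"

    def matches(self, src_ip, dst_ip, port):
        """True if the packet's source, destination and service all match."""
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.ports[0] <= port <= self.ports[1])

    def covers(self, other):
        """True if every packet that matches `other` also matches this policy."""
        net = ipaddress.ip_network
        return (net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and self.ports[0] <= other.ports[0]
                and other.ports[1] <= self.ports[1])

def first_match(policies, src_ip, dst_ip, port):
    """Search top-down; return the first matching policy, or None if none match."""
    for policy in policies:
        if policy.matches(src_ip, dst_ip, port):
            return policy
    return None

def shadowed(policies):
    """Return (policy_id, shadowing_id) pairs for policies that can never match
    because a single policy above them already covers all of their traffic."""
    pairs = []
    for index, later in enumerate(policies):
        for earlier in policies[:index]:
            if earlier.covers(later):
                pairs.append((later.pid, earlier.pid))
                break
    return pairs

# Constructed sample policies: a Telnet exception and a general allow rule.
TELNET_DENY = Policy(1, "10.0.1.0/24", ANY, (23, 23), "deny")
LAN_ACCEPT = Policy(2, "10.0.0.0/16", ANY, (1, 65535), "accept")
SPECIFIC_FIRST = [TELNET_DENY, LAN_ACCEPT]   # exception above the general policy
GENERAL_FIRST = [LAN_ACCEPT, TELNET_DENY]    # exception can never be reached
```

With the exception listed first, a Telnet packet from 10.0.1.5 is denied by policy 1; with the general policy listed first, the same packet is accepted by policy 2 and shadowed() reports policy 1 as unreachable. The check only detects shadowing by a single earlier policy, not by a combination of several.
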
Policy options are configurable when creating or editing a firewall policy.
Depending on the type of action selected, a different set of options is presented.