Customizable Routing Widgets; Access List - Fortinet FortiGate Series Administration Manual

Router Dynamic

Customizable routing widgets

Access List

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
You can customize the FortiGate web-based manager (or GUI) to show, hide, and arrange
widgets/menus/items according to your specific requirements. Customizing the display
allows you to vary or limit the GUI layout to address different administrator needs such as
advanced routing.
Only administrators with the super_admin admin profile may create and edit GUI layouts.
For more information on GUI layouts, see
page 290.
Each of the customizable GUI widgets can be minimized or maximized using the arrow
next to the widget title.
Customizable routing widgets include:
• Access List
• Distribute List
• Key Chain
• Offset List
• Prefix List
• Route Map
Access lists are filters used by FortiGate unit routing processes to limit access to the
network based on IP addresses. For an access list to take effect, it must be called by a
FortiGate unit routing process (for example, a process that supports RIP or OSPF). The
offset list is part of the RIP and OSPF routing protocols. For more information about RIP,
see "RIP" on page 357. For more information about OSPF, see
Each rule in an access list consists of a prefix (IP address and netmask), the action to take
for this prefix (permit or deny), and whether to match the prefix exactly or to match the
prefix and any more specific prefix.
Note: If you are setting a prefix of 128.0.0.0, use the format 128.0.0.0/1. The default route,
0.0.0.0/0 can not be exactly matched with an access-list. A prefix-list must be used for this
purpose. For more information, see
The FortiGate unit attempts to match a packet against the rules in an access list starting at
the top of the list. If it finds a match for the prefix, it takes the action specified for that
prefix. If no match is found the default action is deny.
Figure 198: Access List GUI widget
Access-list Enter the name of a new access list. Select Add to save the new access list.
Name The name of the access list.
Action The action to take when the prefix of this access list is matched. Actions can
be either permit or deny.
Prefix The IP address prefix for this access-list. When this prefix is matched, the
action is taken. The prefix can match any address, or a specific address.
Customizable routing widgets
"Customizable web-based manager" on
"OSPF" on page
"Prefix List" on page 380.
362.
377