Fortinet FortiGate Series Administration Manual page 392

Configuring firewall policies
392
• IPSEC and SSL-VPN policy actions apply a tunnel mode IPSec VPN or SSL VPN
tunnel, respectively, and may optionally apply NAT and allow traffic for one or both
directions. If permitted by the firewall encryption policy, a tunnel may be initiated
automatically whenever a packet matching the policy arrives on the specified network
interface, destined for the local private network. For more information, see
firewall policy options" on page 399
policies" on page 400.
To add or edit a firewall policy, go to Firewall > Policy. Select Create New to add a policy
or select the edit icon beside an existing firewall policy. Configure the settings as
described in the following table and in the references to specific features for IPSec, SSL
VPN and other specialized settings, and then select OK.
If you want to create a DoS policy, go to Firewall > Policy > DoS Policy, and configure the
settings according to the following table. For more information, see
detect and prevent attacks" on page
If you want to use IPv6 firewall addresses in your firewall policy, first go to System > Admin
> Settings. Select "IPv6 Support on GUI". Then go to Firewall > Policy > IPv6 Policy, and
configure the settings according to the following table.
Firewall policy order affects policy matching. Each time that you create or edit a policy,
make sure that you position it in the correct location in the list. You can create a new policy
and position it right away before an existing one in the firewall policy list, by selecting
Insert Policy before (see
Note: You can configure differentiated services (DSCP) firewall policy options through the
CLI. See the "firewall" chapter of the
and "Configuring SSL VPN identity-based firewall
404.
"Viewing the firewall policy list" on page
FortiGate CLI
FortiGate Version 4.0 MR1 Administration Guide
"IPSec
"Using DoS policies to
390).
Reference.
01-410-89802-20090903
http://docs.fortinet.com/
Firewall Policy
• Feedback