Fortinet FortiGate Series Administration Manual page 393

Firewall Policy
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Figure 209: Firewall Policy options
Source Select the name of the FortiGate network interface, virtual domain (VDOM) link,
or zone on which IP packets are received. Interfaces and zones are configured
Interface/Zone
on the System Network page. For more information, see
on page 177
If you select Any as the source interface, the policy matches all interfaces as
source.
If Action is set to IPSEC, the interface is associated with the local private
network.
If Action is set to SSL-VPN, the interface is associated with connections from
remote SSL VPN clients.
Source Address Select the name of a firewall address to associate with the Source
Interface/Zone. Only packets whose header contains an IP address matching
the selected firewall address will be subject to this policy.
You can also create firewall addresses by selecting Create New from this list.
For more information, see
If you want to associate multiple firewall addresses or address groups with the
Source Interface/Zone, from Source Address, select Multiple. In the dialog box,
move the firewall addresses or address groups from the Available Addresses
section to the Members section, then select OK.
If Action is set to IPSEC, the address is the private IP address of the host,
server, or network behind the FortiGate unit.
If Action is set to SSL-VPN and the policy is for web-only mode clients, select all.
If Action is set to SSL-VPN and the policy is for tunnel mode clients, select the
name of the address that you reserved for tunnel mode clients.
and "Configuring zones" on page
"Configuring addresses" on page
Configuring firewall policies
"Configuring interfaces"
198.
423.
393