Fortinet FortiGate Series Administration Manual page 415

Firewall Policy
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Figure 223: Example SOHO network before FortiGate installation
IPS Mail ISP Web
Server Server
172.16.10.3
Finance
Department
Internal Network
Company A requires secure connections for home-based workers. Like many companies,
they rely heavily on email and Internet access to conduct business. They want a
comprehensive security solution to detect and prevent network attacks, block viruses, and
decrease spam. They want to apply different protection settings for different departments.
They also want to integrate web and email servers into the security solution.
To deal with their first requirement, Company A configures specific policies for each
home-based worker to ensure secure communication between the home-based worker
and the internal network.
1 Go to Firewall > Policy.
2 Select Create New and enter or select the following settings for Home_User_1:
Interface / Zone
Address
Schedule
Service
Action
VPN Tunnel
Allow Inbound
Allow outbound
Inbound NAT
Internet
Home-based Workers
(no secure connection)
192.168.100.1
Help Engineering
Desk Department
Source: internal
Source:
CompanyA_Network
Always
ANY
IPSEC
Home1
yes
yes
yes
Firewall policy examples
Destination: wan1
Destination: Home_User_1
415