Fortinet 110C manual Firewall policies

Page 34

Firewall policies

Advanced configuration

Web Apply virus scanning and web content blocking to HTTP traffic.

Unfiltered Apply no scanning, blocking or IPS. Use the unfiltered content profile if no content protection for content traffic is required. Add this protection profile to firewall policies for connections between highly trusted or highly secure networks where content does not need to be protected.

The best way to begin creating your own protection profile is to open a predefined profile. This way you can see how a profile is set up, and then modify it suit your requirements. You access Protection profile options by going to Firewall > Protection Profile, and selecting Edit for one of the predefined profiles.

Protection profiles are used by the firewall policies to determine how network and Internet traffic is controlled, scanned and when necessary, rejected. The Protection Profiles can be considered the rules of the firewall policy. Because of this, you should take some time to review the various options to consider what you want the firewall policies to do. If, after setting the protection profile and firewall policies, traffic is not flowing or flowing too much, verify your profile settings.

The number of options and configuration for the protection profile is too vast for this document. For details on each protection profile feature and setting, see the FortiGate Administration Guide or the FortiGate Online Help.

Firewall policies

Firewall policies are instructions the FortiGate unit uses to decide what to do with a connection request. When the firewall receives a connection request, it analyzes it to extract its source address, destination address, and port number.

For the connection through the FortiGate unit to be successful, the source address, destination address, and service of the connection must match a firewall policy. The policy directs the firewall action for the connection. The action can be to allow the connection, deny the connection, require authentication before the connection is allowed, or process the packet as an IPSec VPN connection.

You can configure each firewall policy to route connections or apply network address translation (NAT) to translate source and destination IP addresses and ports. You also add protection profiles to firewall policies to apply different protection settings for the traffic controlled by firewall policies.

The FortiGate unit matches firewall policies by searching from the top of the firewall policy list and moving down until it finds the first match, then performs the required address translation, blocking and so on described by the protection profile, then passes on the packet information. This is important, because once the FortiGate unit finds a match to a policy, it will not continue down the list. You need to arrange policies in the policy list from more specific to more general.

For example, if you have two policies, one that blocks specific URLs or IP addresses, and another general policy that lets traffic through. If you put the general policy at the top, the FortiGate unit will act on the general policy, figuring the policy has been matched and potentially let the URLs or IPs you wanted blocked through.

Note: No traffic will flow through a FortiGate unit until at least one firewall policy is added.

 

FortiGate-110C FortiOS 3.0 MR6 Install Guide

32

01-30006-0481-20080728

Page 33 Page 35
Image 34
Page 33 Page 35
Contents Install G U I D E Trademarks Regulatory complianceContents Advanced configuration FortiGate FirmwareTesting new firmware before installing Installing firmware from a system reboot using the CLIIndex Page Introduction Register your FortiGate unitAbout this document About the FortiGate-110CDocument conventions Further Reading Typographic conventionsFortinet Knowledge Center Customer service and technical supportComments on Fortinet technical documentation Installing Environmental specificationsRack mount instructions GroundingMounting To install the FortiGate unit into a rack Installed mounting bracketsTo power on the FortiGate unit Connecting to the networkPlugging in the FortiGate To power off the FortiGate unit Turning off the FortiGate unitTurning off the FortiGate unit NAT vs. Transparent mode ConfiguringNAT mode Connecting to the web-based manager Connecting to the FortiGate unitTransparent mode To connect to the web-based managerConnecting to the CLI To connect to the CLIConfigure the interfaces Configuring NAT modeUsing the web-based manager To configure interfaces Go to System Network InterfaceConfigure a DNS server Adding a default route and gatewayTo modify the default gateway Go to Router Static Adding firewall policiesTo set an interface to use a static address Using the CLITo set an interface to use Dhcp addressing To configure DNS server settings To set an interface to use PPPoE addressingTo modify the default gateway Configuring Transparent modeTo add an outgoing traffic firewall policy Switching to Transparent mode To switch to Transparent mode Go to System StatusTo switch to Transparent mode To configure DNS server settings Verify the configuration Backing up the configurationSet the Administrator password Restoring a configurationAdditional configuration Set the time and dateConfigure FortiGuard Updating antivirus and IPS signaturesAdditional configuration Advanced configuration Protection profilesFirewall policies Firewall policiesConfiguring firewall policies Antivirus optionsAntiSpam options Web filtering Logging FortiGate Firmware Downloading firmwareUpgrading the firmware Using the web-based managerReverting to a previous version Using the USB Auto-Install Backup and Restore from a USB keyTo revert to a previous firmware version Using the CLI To upgrade the firmware using the CLIExecute restore image namestr tftpip4 To revert to a previous firmware version using the CLIInstalling firmware from a system reboot using the CLI Execute restore image namestr tftpipv4To install firmware from a system reboot Press any key to display configuration menuRestoring the previous configuration To backup configuration using the CLITo restore configuration using the CLI Additional CLI Commands for a USB keyTo configure the USB Auto-Install using the CLI Testing new firmware before installing To test the new firmware imageTesting new firmware before installing Testing new firmware before installing Index 01-30006-0481-20080728 Page Page

110C specifications

The Fortinet 110C is a robust security appliance designed to provide comprehensive protection for small to medium-sized enterprises. It offers advanced security features combined with high-performance networking capabilities, making it an ideal choice for businesses looking to safeguard their digital assets while maintaining efficient network operations.

One of the standout features of the Fortinet 110C is its FortiOS operating system, which provides a unified security platform that integrates various security functionalities. This operating system supports firewall, VPN, intrusion prevention system (IPS), antivirus, and web filtering features, all managed from a single interface. This integration simplifies security management while enhancing overall performance.

The Fortinet 110C is equipped with an impressive throughput capacity, capable of managing up to 5 Gbps of firewall traffic and 1.5 Gbps of VPN throughput. This high performance ensures that businesses experience minimal latency and interruption, even during peak usage periods. The device also supports up to 100,000 concurrent sessions, which is crucial for organizations experiencing increases in network traffic or user connections.

In terms of connectivity, the Fortinet 110C features multiple Ethernet ports, including both WAN and LAN options, allowing for flexible network setups. The appliance supports VLAN configurations, enabling businesses to segment their networks for better security and traffic management. Additionally, the Fortinet 110C offers advanced routing features such as static and dynamic routing, which further enhances its functionality.

Security is paramount, and the Fortinet 110C excels with its comprehensive threat detection and prevention capabilities. Its Intrusion Prevention System (IPS) is designed to detect and neutralize threats in real-time, ensuring that sensitive business data remains protected. Moreover, the integrated antivirus engine scans traffic for malicious content, effectively blocking threats before they reach the network.

For businesses concerned about compliance, the Fortinet 110C includes features that support various regulatory requirements, such as logging and reporting capabilities. This ensures that organizations can maintain records of their network activity and meet audit requirements.

The Fortinet 110C also supports FortiGuard services, providing continuous updates to the security landscape. This ensures that the appliance is equipped to handle emerging threats, reinforcing the organization's security posture.

In conclusion, the Fortinet 110C is a powerful network security appliance that combines advanced security features with high performance. Its integration capabilities, impressive throughput, and robust security measures make it an optimal choice for small to medium-sized businesses looking to enhance their network security while maintaining operational efficiency. With FortiOS at its core and support for a wide range of security functionalities, the 110C stands out as a reliable solution in the ever-evolving cybersecurity landscape.
Top Page Image Contents