Firewall

Policy options

Action

Select how you want the firewall to respond when the policy matches a connection attempt.

ACCEPT: Select accept to accept connections matched by the policy. You can also configure NAT and Authentication for the policy.

DENY: Select deny to reject connections matched by the policy.

the connection. The only other policy option that you can configure is Log Traffic, to log the connections denied by this policy.

ENCRYPT: Select encrypt to make this policy an IPSec VPN policy. When encrypt is selected the VPN Tunnel Options appear. You can select an AutoIKE Key or Manual Key VPN tunnel for the policy and configure other IPSec settings. You cannot add authentication to an ENCRYPT policy.

VPN Tunnel

Select a VPN tunnel for an ENCRYPT policy. You can select an AutoIKE key or Manual Key tunnel.

Allow Inbound: Select Allow inbound so that users behind the remote VPN gateway can connect to the source address.

Allow outbound: Select Allow outbound so that users can connect to the destination address behind the remote VPN gateway.

Inbound NAT: Select Inbound NAT to translate the source address of incoming packets to the FortiGate internal IP address.

Outbound NAT: Select Outbound NAT to translate the source address of outgoing packets to the FortiGate external IP address.

NAT

Select NAT to enable Network Address Translation for the policy. NAT translates the source address and port of packets accepted by the policy. If you select NAT, you can also select Dynamic IP Pool and Fixed Port. NAT is not available in Transparent mode.

Dynamic IP Pool: Select Dynamic IP Pool to translate the source address to an address randomly selected from the IP pool. An IP pool dropdown list appears when the policy destination interface is the same as the IP pool interface.

You cannot select Dynamic IP Pool if the destination interface or VLAN subinterface is configured using DHCP or PPPoE.

See “IP pool” on page 219.

Fixed Port: Select Fixed Port to prevent NAT from translating the source port. Some applications do not function correctly if the source port is changed. If you select Fixed Port, you must also select Dynamic IP Pool and add a dynamic IP pool address range to the destination interface of the policy. If you do not select Dynamic IP Pool, a policy with Fixed Port selected can only allow one connection at a time for this port or service.

Protection Profile

Select a protection profile to configure how antivirus and IPS protection, web, web content, and spam filtering are applied to the policy. See “Protection profile” on page 222. If you are configuring authentication in the advanced settings, you do not need to choose a protection profile since the user group chosen for authentication is already tied to protection profiles.

Log Traffic

Select Log Traffic to record messages to the traffic log whenever the policy processes a connection. You must also enable traffic log for a logging location (syslog, WebTrends, local disk if available, memory, or FortiLog) and set the logging severity level to Notification or lower.

For information about logging see “Log & Report” on page 339.

Advanced

Select advanced to show more options.
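
The option rules in this table (what DENY and ENCRYPT policies may carry, and how NAT, Dynamic IP Pool and Fixed Port depend on each other) can be checked mechanically when reviewing a policy set. The Python lint below is an added example, not part of this guide or of any Fortinet tool; the policy dict schema, its key names (nat, dynamic_ip_pool, fixed_port, dst_addressing, vpn_tunnel_type, authentication, protection_profile) and the rule codes are assumptions made for illustration.

```python
# Added example: lint policy records against the option rules in this section.
# The dict schema and key names are hypothetical, not a FortiGate export format.
DENY_EXTRAS = ("nat", "dynamic_ip_pool", "fixed_port", "authentication", "protection_profile")

def lint_policy(policy, transparent_mode=False):
    """Return the sorted rule codes that one policy dict violates."""
    action = str(policy.get("action", "")).upper()
    if action not in ("ACCEPT", "DENY", "ENCRYPT"):
        return ["bad-action"]
    nat, pool, fixed = (bool(policy.get(k)) for k in ("nat", "dynamic_ip_pool", "fixed_port"))
    hits = set()
    # DENY: Log Traffic is the only other option that can be configured.
    if action == "DENY" and any(policy.get(k) for k in DENY_EXTRAS):
        hits.add("deny-extra-option")
    # ENCRYPT: no authentication; needs an AutoIKE Key or Manual Key tunnel.
    if action == "ENCRYPT":
        if policy.get("authentication"):
            hits.add("encrypt-auth")
        if policy.get("vpn_tunnel_type") not in ("autoike", "manual"):
            hits.add("encrypt-no-tunnel")
    # NAT is not available in Transparent mode.
    if nat and transparent_mode:
        hits.add("nat-in-transparent")
    # Dynamic IP Pool and Fixed Port are sub-options of NAT.
    if (pool or fixed) and not nat:
        hits.add("needs-nat")
    # No Dynamic IP Pool when the destination interface uses DHCP or PPPoE.
    if pool and policy.get("dst_addressing") in ("dhcp", "pppoe"):
        hits.add("pool-on-dhcp-pppoe")
    # Fixed Port without a pool allows one connection at a time per port/service.
    if fixed and not pool:
        hits.add("fixed-port-no-pool")
    return sorted(hits)

def lint_all(policies, transparent_mode=False):
    """Map policy id -> violated rule codes, omitting clean policies."""
    linted = ((p["id"], lint_policy(p, transparent_mode)) for p in policies)
    return {pid: codes for pid, codes in linted if codes}

# Constructed sample policies (not taken from a real device).
SAMPLES = [
    {"id": 1, "action": "ACCEPT", "nat": True, "dynamic_ip_pool": True, "fixed_port": True},
    {"id": 2, "action": "ACCEPT", "nat": True, "fixed_port": True},
    {"id": 3, "action": "DENY", "nat": True, "log_traffic": True},
    {"id": 4, "action": "ENCRYPT", "vpn_tunnel_type": "autoike", "authentication": True},
]

if __name__ == "__main__":
    print(lint_all(SAMPLES))
```

Passing transparent_mode=True additionally flags every policy that has NAT selected.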

FortiGate-100A Administration Guide

01-28007-0068-20041203

193


100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.