Policy CLI configurationFirewall

firewall policy command keywords and variables

Keywords and variables

Description

Default

Availability

http_retry_count

Define the number of times to retry

0

All models.

<retry_integer>

establishing an HTTP connection when

 

 

 

the connection fails.

 

 

 

 

 

 

natip

Configure natip for a firewall policy

0.0.0.0

All models.

<address_ipv4mask>

with action set to encrypt and with

0.0.0.0

Encrypt

 

outbound NAT enabled. Specify the IP

 

policy, with

 

address and subnet mask to translate

 

outbound

 

the source address of outgoing

 

NAT

 

packets.

 

enabled.

 

Set natip for peer to peer VPNs to

 

 

 

control outbound NAT IP address

 

 

 

translation for outgoing VPN packets.

 

 

 

If you do not use natip to translate IP

 

 

 

addresses, the source addresses of

 

 

 

outbound VPN packets are translated

 

 

 

into the IP address of the FortiGate

 

 

 

external interface. If you use natip, the

 

 

 

FortiGate unit uses a static mapping

 

 

 

scheme to translate the source

 

 

 

addresses of VPN packets into

 

 

 

corresponding IP addresses on the

 

 

 

subnet that you specify. For example, if

 

 

 

the source address in the encryption

 

 

 

policy is 192.168.1.0/24 and the natip is

 

 

 

172.16.2.0/24, a source address of

 

 

 

192.168.1.7 will be translated to

 

 

 

172.16.2.7

 

 

Address

You can add, edit, and delete firewall addresses as required. You can also organize related addresses into address groups to simplify policy creation.

A firewall address can be configured with a name, an IP address, and a netmask, or a name and IP address range.

You can enter an IP address and netmask using the following formats.

x.x.x.x/x.x.x.x, for example 64.198.45.0/255.255.255.0

x.x.x.x/x, for example 64.195.45.0/24

You can enter an IP address range using the following formats.

x.x.x.x-x.x.x.x, for example 192.168.110.100-192.168.110.120

x.x.x.[x-x], for example 192.168.110.[100-120]

x.x.x.*, for example 192.168.110.* to represent all addresses on the subnet

198

01-28007-0068-20041203

Fortinet Inc.

Page 198
Image 198
Fortinet 100A manual Address, Firewall policy command keywords and variables, 198

100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.