
Firewall policy options | Firewall configuration |
Dynamic IP Pool Select Dynamic IP Pool to translate the source address to an address randomly selected from an IP pool added to the destination interface of the policy. To add IP pools, see “IP pools” on page 164.
You cannot select Dynamic IP Pool for
Fixed Port Select Fixed Port to prevent NAT from translating the source port. Some applications do not function correctly if the source port is changed. If you select Fixed Port, you must also select Dynamic IP Pool and add a dynamic IP pool address range to the destination interface of the policy. If you do not select Dynamic IP Pool, a policy with Fixed Port selected can only allow one connection at a time for this port or service.
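The interaction between Fixed Port and Dynamic IP Pool described above, as an added Python sketch that is not part of the FortiGate documentation or firmware. It assumes a simplified session table keyed on external address, external port and destination; the class `SourceNat`, the function `demo` and all addresses are constructed for illustration.

```python
import itertools
import random


class SourceNat:
    """Toy source-NAT allocator; an assumed model, not FortiGate code."""

    def __init__(self, external_ips, fixed_port, seed=0):
        self.external_ips = list(external_ips)  # one address, or an IP pool
        self.fixed_port = fixed_port
        self.rng = random.Random(seed)          # seeded so runs repeat
        self.sessions = {}  # (ext_ip, ext_port, dst) -> (src_ip, src_port)

    def _ports(self, src_port):
        if self.fixed_port:
            return [src_port]                   # source port is never rewritten
        return itertools.chain([src_port], range(1024, 65536))

    def translate(self, src_ip, src_port, dst):
        """Return (ext_ip, ext_port), or None when no free mapping exists."""
        ips = self.external_ips[:]
        self.rng.shuffle(ips)                   # pool address chosen at random
        for ext_ip in ips:
            for ext_port in self._ports(src_port):
                key = (ext_ip, ext_port, dst)
                if key not in self.sessions:    # replies must map to one client
                    self.sessions[key] = (src_ip, src_port)
                    return ext_ip, ext_port
        return None


def demo():
    # Constructed sample: three clients use source port 5060 to one server.
    dst = ("203.0.113.10", 5060)
    clients = [("10.0.0.1", 5060), ("10.0.0.2", 5060), ("10.0.0.3", 5060)]
    pool = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
    cases = {
        "port translation, one address": (pool[:1], False),
        "fixed port, one address": (pool[:1], True),
        "fixed port, pool of three": (pool, True),
    }
    results = {}
    for name, (ips, fixed) in cases.items():
        nat = SourceNat(ips, fixed)
        results[name] = [nat.translate(ip, port, dst) for ip, port in clients]
    return results


if __name__ == "__main__":
    for name, mappings in demo().items():
        print(name, mappings)
```

With one external address and Fixed Port, only the first client gets a mapping; the pool gives each client its own external address while the source port stays unchanged.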
VPN Tunnel
Select a VPN tunnel for an ENCRYPT policy. You can select an AutoIKE key or Manual Key tunnel. VPN Tunnel is not available in Transparent mode.
Allow inbound Select Allow inbound so that users behind the remote VPN gateway can connect to the source address.
Allow outbound Select Allow outbound so that users can connect to the destination address behind the remote VPN gateway.
Inbound NAT Select Inbound NAT to translate the source address of incoming packets to the FortiGate internal IP address.
Outbound NAT Select Outbound NAT to translate the source address of outgoing packets to the FortiGate external IP address.
Traffic Shaping
Traffic Shaping controls the bandwidth available to and sets the priority of the traffic processed by the policy. Traffic Shaping makes it possible to control which policies have the highest priority when large amounts of data are moving through the FortiGate device. For example, the policy for the corporate web server might be given higher priority than the policies for most employees’ computers. An employee who needs unusually
If you set both guaranteed bandwidth and maximum bandwidth to 0, the policy does not allow any traffic.
Guaranteed Bandwidth You can use traffic shaping to guarantee the amount of bandwidth available through the firewall for a policy. Guarantee bandwidth (in Kbytes) to make sure that there is enough bandwidth available for a
Maximum Bandwidth You can also use traffic shaping to limit the amount of bandwidth available through the firewall for a policy. Limit bandwidth to keep less important services from using bandwidth needed for more important services.
Traffic Priority Select High, Medium, or Low. Select Traffic Priority so that the FortiGate unit manages the relative priorities of different types of traffic. For example, a policy for connecting to a secure web server needed to support
146 | Fortinet Inc. |