Default firewall configuration
By default, the users on the network connected to port1 can connect through the FortiGate unit to the network connected to port2. The firewall blocks all other connections. The firewall is configured with a default policy that matches any connection request received from the network connected to port1 and instructs the firewall to forward the connection to the network connected to port2.
Figure 4: Default firewall policy
• Interfaces
• VLAN subinterfaces
• Zones
• Addresses
• Services
• Schedules
• Content profiles
Interfaces
Add policies to control connections between FortiGate interfaces and between the networks connected to these interfaces. By default, you can add policies for connections between the port1 and port2 interfaces.
To add policies that include the port3 and port4/ha interfaces, you must use the following steps to add these interfaces to the firewall policy grid:
1. If they are down, bring the port3 and port4/ha interfaces up. See “Bringing up an interface” on page 135.
2. Add IP addresses to port3 and port4/ha. See “Changing an interface static IP address” on page 136.
3. Add firewall addresses for these interfaces. See “Adding addresses” on page 179.
VLAN subinterfaces
You can also add VLAN subinterfaces to the FortiGate configuration to control connections between VLANs. For more information about VLANs, see “Configuring VLANs” on page 139.
To add policies that include VLAN subinterfaces, you must use the following steps to add the VLAN subinterfaces to the firewall policy grid:
1. Add VLAN subinterfaces to the FortiGate configuration. See “Adding VLAN subinterfaces” on page 141.
2. Add firewall addresses for the VLAN subinterfaces. See “Adding addresses” on page 179.
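The following added example (not Fortinet code or FortiGate CLI syntax) models the default policy and the two procedures above, so you can audit which interfaces are still missing a step before a policy can reference them. All class and function names, the exact-match lookup on the interface pair, and the sample IP and address names are assumptions made for illustration.

```python
# Hypothetical model (added example); not FortiGate code or CLI syntax.
from dataclasses import dataclass, field

@dataclass
class Interface:
    name: str
    up: bool = True
    ip: str = ""                      # static IP; empty if none assigned
    fw_addresses: list = field(default_factory=list)
    is_vlan: bool = False             # True for a VLAN subinterface

def missing_steps(iface):
    """Steps from the procedures above that are still outstanding."""
    steps = []
    if not iface.is_vlan:             # physical-port procedure, steps 1 and 2
        if not iface.up:
            steps.append("bring interface up")
        if not iface.ip:
            steps.append("add IP address")
    if not iface.fw_addresses:        # final step of both procedures
        steps.append("add firewall address")
    return steps

class PolicyGrid:
    def __init__(self, interfaces):
        self.interfaces = {i.name: i for i in interfaces}
        self.policies = [("port1", "port2", "accept")]  # default policy

    def add_policy(self, src, dst, action="accept"):
        for name in (src, dst):
            todo = missing_steps(self.interfaces[name])
            if todo:
                raise ValueError(f"{name} not in policy grid: {', '.join(todo)}")
        self.policies.append((src, dst, action))

    def evaluate(self, src, dst):
        for p_src, p_dst, action in self.policies:
            if (p_src, p_dst) == (src, dst):
                return action
        return "deny"                 # no matching policy: connection blocked

def demo_grid():
    # Constructed inventory: IPs and address names are sample values.
    return PolicyGrid([
        Interface("port1", ip="192.0.2.1", fw_addresses=["sample_net_a"]),
        Interface("port2", ip="198.51.100.1", fw_addresses=["sample_net_b"]),
        Interface("port3", up=False),
        Interface("vlan_100", is_vlan=True),
    ])
```

In this model a connection from port2 to port1 is denied because the default policy covers only the port1 to port2 direction.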