Default firewall configuration

Firewall configuration

 

 


By default, the users on the network connected to port1 can connect through the FortiGate unit to the network connected to port2. The firewall blocks all other connections. The firewall is configured with a default policy that matches any connection request received from the network connected to port1 and instructs the firewall to forward the connection to the network connected to port2.

Figure 4: Default firewall policy

Interfaces

VLAN subinterfaces

Zones

Addresses

Services

Schedules

Content profiles

Interfaces

Add policies to control connections between FortiGate interfaces and between the networks connected to these interfaces. By default, you can add policies for connections between the port1 and port2 interfaces.

To add policies that include the port3 and port4/ha interfaces, you must use the following steps to add these interfaces to the firewall policy grid:

1. If they are down, bring the port3 and port4/ha interfaces up. See “Bringing up an interface” on page 135.

2. Add IP addresses to port3 and port4/ha. See “Changing an interface static IP address” on page 136.

3. Add firewall addresses for these interfaces. See “Adding addresses” on page 179.

VLAN subinterfaces

You can also add VLAN subinterfaces to the FortiGate configuration to control connections between VLANs. For more information about VLANs, see “Configuring VLANs” on page 139.

To add policies that include VLAN subinterfaces, you must use the following steps to add the VLAN subinterfaces to the firewall policy grid:

1. Add VLAN subinterfaces to the FortiGate configuration. See “Adding VLAN subinterfaces” on page 141.

2. Add firewall addresses for the VLAN subinterfaces. See “Adding addresses” on page 179.


Fortinet Inc.
