Adding firewall policies, Services, Schedules, 172

Adding firewall policies	Firewall configuration

Services

Policies can also control connections based on the service or destination port number of packets. The default policy accepts connections to using any service or destination port number. The firewall is configured with over 40 predefined services. You can add these services to a policy for more control over the services that can be used by connections through the firewall. You can also add user-defined services. For more information about services, see “Services” on page 182.

Schedules

Policies can also control connections based on the time of day or day of the week when the firewall receives the connection. The default policy accepts connections at any time. The firewall is configured with one schedule that accepts connections at any time. You can add more schedules to control when policies are active. For more information about schedules, see “Schedules” on page 186.

Content profiles

Content profiles can be added to policies to apply antivirus protection, web filtering, and email filtering to web, file transfer, and email services. The FortiGate unit includes the following default content profiles:

•Strict: to apply maximum content protection to HTTP, FTP, IMAP, POP3, and SMTP content traffic.

•Scan: to apply antivirus scanning to HTTP, FTP, IMAP, POP3, and SMTP content traffic.

•Web: to apply antivirus scanning and Web content blocking to HTTP content traffic.

•Unfiltered: to allow oversized files to pass through the FortiGate unit without scanned for viruses.

For more information about content profiles, see “Content profiles” on page 197.