
Configuring policy lists | Firewall configuration
A policy that is an exception to the default policy, for example, a policy to block FTP connections, must be placed above the default policy in the
Note: Policies that require authentication must be added to the policy list above matching policies that do not; otherwise, the policy that does not require authentication is selected first.
Changing the order of policies in a policy list
1. Go to Firewall > Policy.
2. Select the policy list that you want to rearrange.
3. Choose a policy to move and select Move To to change its order in the policy list.
4. Type a number in the Move to field to specify where in the policy list to move the policy and select OK.
Enabling and disabling policies
You can enable and disable policies in the policy list to control whether the policy is active or not. The FortiGate unit matches enabled policies but does not match disabled policies.
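The ordering rules and the effect of disabling a policy described above, as an added example that is not Fortinet code: a simplified Python model of top-down, first-match selection, with an audit that flags enabled policies a broader policy above them always pre-empts. The policy fields, the sample addresses and the names first_match, covers and audit are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Policy:
    pid: int
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # None means any service
    action: str           # "ACCEPT" or "DENY"
    auth: bool = False    # policy requires authentication
    enabled: bool = True  # disabled policies are never matched

def first_match(policies, src, dst, port):
    """Scan top-down; return the first enabled policy matching the connection."""
    for p in policies:
        if (p.enabled and ip_address(src) in ip_network(p.src)
                and ip_address(dst) in ip_network(p.dst)
                and p.port in (None, port)):
            return p
    return None

def covers(upper, lower):
    """True if every connection that `lower` matches is also matched by `upper`."""
    return (ip_network(lower.src).subnet_of(ip_network(upper.src))
            and ip_network(lower.dst).subnet_of(ip_network(upper.dst))
            and upper.port in (None, lower.port))

def audit(policies):
    """List (policy, blocker, kind) for enabled policies that can never be selected."""
    findings = []
    active = [p for p in policies if p.enabled]
    for i, lower in enumerate(active):
        for upper in active[:i]:
            if covers(upper, lower):
                kind = "auth-bypassed" if lower.auth and not upper.auth else "shadowed"
                findings.append((lower.pid, upper.pid, kind))
                break
    return findings

# Constructed sample: the default policy sits above both exceptions.
DEFAULT = Policy(1, "10.0.0.0/8", "0.0.0.0/0", None, "ACCEPT")
NO_FTP = Policy(2, "10.0.0.0/8", "0.0.0.0/0", 21, "DENY")
AUTH_WEB = Policy(3, "10.0.5.0/24", "0.0.0.0/0", 443, "ACCEPT", auth=True)
BAD, GOOD = [DEFAULT, NO_FTP, AUTH_WEB], [NO_FTP, AUTH_WEB, DEFAULT]

if __name__ == "__main__":
    print(audit(BAD), audit(GOOD))
    print(first_match(BAD, "10.0.5.9", "198.51.100.7", 21).action)
```

In the BAD ordering the FTP block and the authenticated policy are both reported because the default policy above them matches first; the GOOD ordering produces no findings.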
Disabling a policy
Disable a policy to temporarily prevent the firewall from selecting the policy. Disabling a policy does not stop active communication sessions that have been allowed by the policy. To stop active communication sessions, see “System status” on page 110.
1. Go to Firewall > Policy.
2. Select the policy list containing the policy to disable.
3. Clear the check box of the policy to disable.
Enabling a policy
Enable a policy that has been disabled so that the firewall can match connections with the policy.
1. Go to Firewall > Policy.
2. Select the policy list containing the policy to enable.
3. Select the check box of the policy to enable.
178 | Fortinet Inc.