Configuring policy lists

Firewall configuration

 

 

A policy that is an exception to the default policy, for example, a policy to block FTP connections, must be placed above the default policy in the port1->port2 policy list. In this example, all FTP connection attempts from the internal network would then match the FTP policy and be blocked. Connection attempts for all other kinds of services would not match with the FTP policy but they would match with the default policy. Therefore, the firewall would still accept all other connections from the internal network.

Note: Policies that require authentication must be added to the policy list above matching policies that do not; otherwise, the policy that does not require authentication is selected first.

Changing the order of policies in a policy list

1Go to Firewall > Policy.

2Select the policy list that you want to rearrange.

3Choose a policy to move and select Move To to change its order in the policy list.

4Type a number in the Move to field to specify where in the policy list to move the policy and select OK.

Enabling and disabling policies

You can enable and disable policies in the policy list to control whether the policy is active or not. The FortiGate unit matches enabled policies but does not match disabled policies.

Disabling a policy

Disable a policy to temporarily prevent the firewall from selecting the policy. Disabling a policy does not stop active communications sessions that have been allowed by the policy. To stop active communication sessions, see “System status” on page 110.

1Go to Firewall > Policy.

2Select the policy list containing the policy to disable.

3Clear the check box of the policy to disable.

Enabling a policy

Enable a policy that has been disabled so that the firewall can match connections with the policy.

1Go to Firewall > Policy.

2Select the policy list containing the policy to enable.

3Select the check box of the policy to enable.

178

Fortinet Inc.

Page 178
Image 178
Fortinet 400 Changing the order of policies in a policy list, Enabling and disabling policies, Disabling a policy, 178