Firewall configuration

Default firewall configuration

 

 

The firewall uses these addresses to match the source and destination addresses of packets received by the firewall. The default policy matches all connections from the internal network because it includes the Internal_All address. The default policy also matches all connections to the external network because it includes the External_All address.

You can add more addresses to each interface to improve the control you have over connections through the firewall. For more information about firewall addresses, see “Addresses” on page 146.

You can also add firewall policies that perform network address translation (NAT). To use NAT to translate destination addresses, you must add virtual IPs. Virtual IPs map addresses on one network to a translated address on another network. For more information about Virtual IPs, see “Virtual IPs” on page 157.

Services

Policies can control connections based on the service or destination port number of packets. The default policy accepts connections using any service or destination port number. The firewall is configured with over 40 predefined services. You can add these services to a policy for more control over the services that can be used by connections through the firewall. You can also add user-defined services. For more information about services, see “Services” on page 149.

Schedules

Policies can control connections based on the time of day or day of the week when the firewall receives the connection. The default policy accepts connections at any time. The firewall is configured with one schedule that accepts connections at any time. You can add more schedules to control when policies are active. For more information about schedules, see “Schedules” on page 154.

Content profiles

Add content profiles to policies to apply antivirus protection, web filtering, and email filtering to web, file transfer, and email services. The FortiGate unit includes the following default content profiles:

Strict—to apply maximum content protection to HTTP, FTP, IMAP, POP3, and SMTP content traffic.

Scan—to apply antivirus scanning to HTTP, FTP, IMAP, POP3, and SMTP content traffic.

Web—to apply antivirus scanning and Web content blocking to HTTP content traffic.

Unfiltered—to allow oversized files to pass through the FortiGate unit without scanned for viruses.

The default policy includes the scan content profile.

For more information about content profiles, see “Content profiles” on page 166.

FortiGate-50A Installation and Configuration Guide

139

Page 138 Page 140
Page 139
Image 139
Fortinet 50A user manual Services, Schedules, Content profiles, 139
Page 138 Page 140
Top Page Image Contents