Adding firewall policies

Firewall configuration

Add firewall policies to control connections and traffic between FortiGate interfaces.

To add a firewall policy

1. Go to Firewall > Policy.

2. Select the policy list to which you want to add the policy.

3. Select New to add a new policy.

You can also select Insert Policy before on a policy in the list to add the new policy above a specific policy.

4. Configure the policy:

For information about configuring the policy, see “Firewall policy options” on page 140.

5. Select OK to add the policy.

6. Arrange policies in the policy list so that they have the results that you expect.

For information about arranging policies in a policy list, see “Configuring policy lists” on page 144.

Firewall policy options

This section describes the options that you can add to firewall policies.

Source

Select an address or address group that matches the source address of the packet.

Before you can add this address to a policy, you must add it to the source interface.

For information about adding an address, see “Addresses” on page 146.

Destination

Select an address or address group that matches the destination address of the packet. Before you can add this address to a policy, you must add it to the destination interface. For information about adding an address, see “Addresses” on page 146.

For NAT/Route mode policies where the address on the destination network is hidden from the source network using NAT, the destination can also be a virtual IP that maps the destination address of the packet to a hidden destination address. See “Virtual IPs” on page 157.

Schedule

Select a schedule that controls when the policy is available to be matched with connections. See “Schedules” on page 154.

Service

Select a service that matches the service (port number) of the packet. You can select from a wide range of predefined services or add custom services and service groups. See “Services” on page 149.
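To illustrate why step 6 of the procedure matters, the following added example (not from the Fortinet manual) models a policy list that is searched from the top down, with the first matching policy applied, and reports policies that can never be matched because an earlier, broader policy covers them. The Policy class, its field names, the action values and the sample addresses are assumptions made for illustration; schedules are ignored and a service is reduced to a destination port range.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:          # hypothetical model, not a FortiGate data structure
    name: str
    src: str           # Source address, as a CIDR block
    dst: str           # Destination address, as a CIDR block
    ports: range       # Service, reduced to a destination port range
    action: str        # assumed values: "ACCEPT" or "DENY"

def covers(a: Policy, b: Policy) -> bool:
    """True if every packet that matches b also matches a."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and b.ports.start >= a.ports.start
            and b.ports.stop <= a.ports.stop)

def first_match(policies, src, dst, port):
    """Return the first policy, in list order, that matches the packet."""
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    for p in policies:
        if ip(src) in net(p.src) and ip(dst) in net(p.dst) and port in p.ports:
            return p
    return None        # no policy matched

def shadowed(policies):
    """List (hidden, hiding) name pairs for policies that can never match."""
    pairs = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if covers(earlier, later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample policy list (documentation address ranges).
POLICIES = [
    Policy("allow-web", "192.0.2.0/24", "0.0.0.0/0", range(80, 81), "ACCEPT"),
    Policy("block-kiosk-web", "192.0.2.64/26", "0.0.0.0/0", range(80, 81), "DENY"),
    Policy("allow-mail", "192.0.2.0/24", "198.51.100.25/32", range(25, 26), "ACCEPT"),
]

if __name__ == "__main__":
    print(shadowed(POLICIES))
    print(first_match(POLICIES, "192.0.2.70", "203.0.113.5", 80))
```

In the sample list the narrower deny policy sits below the broader accept policy and is never reached; moving it above, as Insert Policy before does in the web-based manager, clears the finding.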

Fortinet Inc.

Fortinet 50A user manual, page 140