Fortinet 50A user manual

Models: 50A

Page 142

Adding firewall policies

Firewall configuration

NAT

Configure the policy for NAT. NAT translates the source address and the source port of packets accepted by the policy. If you select NAT, you can also select Dynamic IP Pool and Fixed Port. NAT is not available in Transparent mode.

Dynamic IP Pool

Select Dynamic IP Pool to translate the source address to an address randomly selected from an IP pool. The IP pool must be added to the destination interface of the policy.

You cannot select Dynamic IP Pool if the destination interface is configured using DHCP or PPPoE.

For information about adding IP pools, see “IP pools” on page 161.

Fixed Port

Select Fixed Port to prevent NAT from translating the source port. Some applications do not function correctly if the source port is changed. If you select Fixed Port, you must also select Dynamic IP Pool and add a dynamic IP pool address range to the destination interface of the policy. If you do not select Dynamic IP Pool, a policy with Fixed Port selected can only allow one connection at a time for this port or service.
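The one-connection limit described under Fixed Port can be reproduced with a small model of source NAT. This is an added example, not Fortinet code: the SourceNat class, the sample addresses and port, and the rule that one translated address and port pair carries one session at a time are assumptions made for illustration.

```python
import random

class SourceNat:
    """Simplified model of policy source NAT. Assumption: a translated
    (address, port) pair can carry only one session at a time."""

    def __init__(self, interface_ip, ip_pool=(), fixed_port=False, seed=0):
        self.interface_ip = interface_ip      # destination interface address
        self.ip_pool = list(ip_pool)          # empty = Dynamic IP Pool not selected
        self.fixed_port = fixed_port
        self.sessions = {}                    # (nat_ip, nat_port) -> (src_ip, src_port)
        self._rng = random.Random(seed)       # seeded so the demo is repeatable

    def open(self, src_ip, src_port):
        """Return the translated (ip, port), or None when no mapping is free."""
        addresses = self.ip_pool or [self.interface_ip]
        if self.fixed_port:
            # The source port must survive translation; only the address can vary.
            candidates = [(ip, src_port) for ip in addresses]
        else:
            # Ordinary NAT: the source port is rewritten as well.
            ip = self._rng.choice(addresses)
            candidates = [(ip, port) for port in range(1024, 65536)]
        free = [c for c in candidates if c not in self.sessions]
        if not free:
            return None
        mapping = self._rng.choice(free)
        self.sessions[mapping] = (src_ip, src_port)
        return mapping

    def close(self, mapping):
        self.sessions.pop(mapping, None)

def demo():
    # Constructed sample: three internal hosts that all use source port 5060.
    clients = [("192.168.1.10", 5060), ("192.168.1.11", 5060), ("192.168.1.12", 5060)]
    pool = ["203.0.113.10", "203.0.113.11"]
    setups = {
        "nat": SourceNat("203.0.113.1"),
        "fixed_port_only": SourceNat("203.0.113.1", fixed_port=True),
        "fixed_port_with_pool": SourceNat("203.0.113.1", pool, fixed_port=True),
    }
    return {name: [nat.open(*c) for c in clients] for name, nat in setups.items()}

if __name__ == "__main__":
    for name, mappings in demo().items():
        print(name, mappings)
```

In this model the number of simultaneous fixed-port sessions equals the number of addresses in the pool, which is why the pool range should be sized for the expected number of concurrent users of the service.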

VPN Tunnel

Select a VPN tunnel for an ENCRYPT policy. You can select an AutoIKE key or Manual Key tunnel. VPN Tunnel is not available in Transparent mode.

Allow inbound

Select Allow inbound so that users behind the remote VPN gateway can connect to the source address.

Allow outbound

Select Allow outbound so that users can connect to the destination address behind the remote VPN gateway.

Inbound NAT

Select Inbound NAT to translate the source address of incoming packets to the FortiGate internal IP address.

Outbound NAT

Select Outbound NAT to translate the source address of outgoing packets to the FortiGate external IP address.

Traffic Shaping

Traffic Shaping controls the bandwidth available to the traffic processed by the policy and sets its priority. Traffic Shaping makes it possible to control which policies have the highest priority when large amounts of data are moving through the FortiGate device. For example, the policy for the corporate web server might be given higher priority than the policies for most employees’ computers. An employee who needs unusually high-speed Internet access could have a special outgoing policy set up with higher bandwidth.

If you set both guaranteed bandwidth and maximum bandwidth to 0, the policy does not allow any traffic.

Guaranteed Bandwidth

You can use traffic shaping to guarantee the amount of bandwidth available through the firewall for a policy. Guarantee bandwidth (in Kbytes) to make sure that there is enough bandwidth available for a high-priority service.

Fortinet Inc.