Addresses

Firewall configuration

 

 

Enabling and disabling policies

You can enable and disable policies in the policy list to control whether the policy is active or not. The FortiGate unit matches enabled policies but does not match disabled policies.

Disabling policies

Disable a policy to temporarily prevent the firewall from selecting the policy. Disabling a policy does not stop active communications sessions that have been allowed by the policy. For information about stopping active communication sessions, see “System status” on page 67.

To disable a policy

1Go to Firewall > Policy.

2Select the policy list that contains the policy that you want to disable.

3Clear the check box of the policy to disable it.

Enabling policies

Enable a policy that has been disabled so that the firewall can match connections with the policy.

To enable a policy

1Go to Firewall > Policy.

2Select the policy list that contains the policy that you want to enable.

3Select the check box of the policy to enable it.

Addresses

All policies require source and destination addresses. To add addresses to a policy between two interfaces, you must first add addresses to the address list for each interface.

You can add, edit, and delete all firewall addresses as required. You can also organize related addresses into address groups to simplify policy creation.

A firewall address consists of an IP address and a netmask. This information can represent:

The address of a subnet (for example, for a class C subnet, IP address: 192.168.20.0 and Netmask: 255.255.255.0).

A single IP address (for example, IP Address: 192.168.20.1 and

Netmask: 255.255.255.255)

All possible IP addresses (represented by IP Address: 0.0.0.0 and Netmask: 0.0.0.0)

Note: IP address: 0.0.0.0 and Netmask: 255.255.255.255 is not a valid firewall address.

146

Fortinet Inc.

Page 146
Image 146
Fortinet 50A user manual Addresses, Enabling and disabling policies, Disabling policies, Enabling policies, 146