Firewall configuration

Default firewall configuration

 

 

Interfaces

Add policies to control connections between FortiGate interfaces and between the networks connected to these interfaces. By default, you can add policies for connections that include the internal, external, and DMZ interfaces.

To add policies that include the port1 to port4 interfaces, you must use the following steps to add these interfaces to the firewall policy grid:

1. If they are down, start the interfaces up. See “Changing the administrative status of an interface” on page 139.

2. Add IP addresses to the interfaces. See “Configuring interfaces” on page 138.

3. Add firewall addresses for these interfaces. See “Adding addresses” on page 197.

VLAN subinterfaces

You can also add VLAN subinterfaces to the FortiGate configuration to control connections between VLANs. For more information about VLANs, see “VLANs in NAT/Route mode” on page 146 or “Virtual domains in Transparent mode” on page 147.

To add policies that include VLAN subinterfaces, you must use the following steps to add the VLAN subinterfaces to the firewall policy grid:

1. Add VLAN subinterfaces to the FortiGate configuration.

2. Add firewall addresses for the VLAN subinterface. See “Adding addresses” on page 197.

Zones

You can add zones to the FortiGate configuration to group together related interfaces and VLAN subinterfaces to simplify firewall policy creation. For more information about zones, see “Configuring zones” on page 137.

To add policies for zones, you must use the following steps to add the zones to the firewall policy grid:

1. Add zones to the FortiGate configuration. See “Adding zones” on page 138.

2. Add interfaces and VLAN subinterfaces to the zone. See “Adding an interface to a zone” on page 139.

3. Add firewall addresses for the zone. See “Adding addresses” on page 197.

FortiGate-800 Installation and Configuration Guide
