Fortinet FortiGate-800 manual Addresses, Services, Schedules, 188

Models: FortiGate-800


Default firewall configuration

Firewall configuration

 

 

Addresses

To add policies between interfaces, VLAN subinterfaces, and zones, the firewall configuration must contain addresses for each interface, VLAN subinterface, or zone. By default the firewall configuration includes the addresses listed in Table 37.

Table 37: Default addresses

Interface   Address        Description
Internal    Internal_All   This address matches all addresses on the internal network.
External    External_All   This address matches all addresses on the external network.
DMZ         DMZ_All        This address matches all addresses on the DMZ network.

The firewall uses these addresses to match the source and destination addresses of packets received by the firewall. The default policy matches all connections from the internal network because it includes the Internal_All address. The default policy also matches all connections to the Internet because it includes the External_All address.

You can add more addresses to each interface to improve the control you have over connections through the firewall. For more information about addresses, see “Addresses” on page 197.

You can also add firewall policies that perform network address translation (NAT). To use NAT to translate destination addresses, you must add virtual IPs. Virtual IPs map addresses on one network to a translated address on another network. For more information about Virtual IPs, see “Virtual IPs” on page 208.

Services

Policies can control connections based on the service or destination port number of packets. The default policy accepts connections using any service or destination port number. The firewall is configured with over 40 predefined services. You can add these services to a policy for more control over the services that can be used by connections through the firewall. You can also add user-defined services. For more information about services, see “Services” on page 200.

Schedules

Policies can control connections based on the time of day or day of the week when the firewall receives the connection. The default policy accepts connections at any time. The firewall is configured with one schedule that accepts connections at any time. You can add more schedules to control when policies are active. For more information about schedules, see “Schedules” on page 205.
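The matching described in the Addresses, Services, and Schedules sections, modelled in Python as an added example (not code from the manual or from Fortinet). It compares the default policy with a narrower one. The Finance_LAN address, the ANY, HTTPS, Always, and Office names, the subnets, and the first-match, deny-if-unmatched evaluation are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime

# Model names and subnets are constructed for illustration (assumptions).
ADDRESSES = {  # address name -> (interface it belongs to, network it covers)
    "Internal_All": ("internal", ipaddress.ip_network("0.0.0.0/0")),
    "External_All": ("external", ipaddress.ip_network("0.0.0.0/0")),
    "Finance_LAN": ("internal", ipaddress.ip_network("192.168.10.0/24")),  # hypothetical
}
SERVICES = {"ANY": None, "HTTPS": {443}}  # None = any destination port
SCHEDULES = {"Always": None, "Office": (range(0, 5), range(8, 18))}  # (weekdays, hours)

@dataclass
class Policy:
    src: str
    dst: str
    service: str = "ANY"       # default policy: any service
    schedule: str = "Always"   # default policy: any time
    action: str = "ACCEPT"

def in_addr(name, interface, ip):
    iface, net = ADDRESSES[name]
    return iface == interface and ipaddress.ip_address(ip) in net

def matches(p, pkt, when):
    ports, sched = SERVICES[p.service], SCHEDULES[p.schedule]
    return (in_addr(p.src, pkt["in_if"], pkt["src"])
            and in_addr(p.dst, pkt["out_if"], pkt["dst"])
            and (ports is None or pkt["dport"] in ports)
            and (sched is None or (when.weekday() in sched[0] and when.hour in sched[1])))

def decide(policies, pkt, when):
    # Assumption of this model: first matching policy wins, unmatched traffic is denied.
    for p in policies:
        if matches(p, pkt, when):
            return p.action
    return "DENY"

DEFAULT = [Policy("Internal_All", "External_All")]              # matches everything outbound
TIGHT = [Policy("Finance_LAN", "External_All", "HTTPS", "Office")]

# Constructed sample packets and timestamps.
PKT_TELNET = {"in_if": "internal", "out_if": "external",
              "src": "192.168.10.7", "dst": "203.0.113.9", "dport": 23}
PKT_HTTPS = dict(PKT_TELNET, dport=443)
SUNDAY_3AM = datetime(2024, 1, 7, 3, 0)
MONDAY_10AM = datetime(2024, 1, 8, 10, 0)
```

With `DEFAULT`, any internal host reaches any external port at any hour; with `TIGHT`, only HTTPS from the Finance_LAN subnet during office hours is accepted.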


Fortinet Inc.
