Fortinet Fortigate-5000 series - Configuring firewall policies

FortiGate Version 3.0 MR4 Administration Guide
216 01-30004-0203-20070102
Configuring firewall policies Firewall Policy
5 Configure the policy.
For information about configuring policies, see “Configuring firewall policies” on
page 216.
6 Select OK.
7 Arrange policies in the policy list so they have the expected results.
For information about arranging policies in a policy list, see “How policy matching
works” on page 214 and “Moving a policy to a different position in the policy list”.
Moving a policy to a different position in the policy list
You can move a policy in the list to influence how policies are evaluated. When
more than one policy has been defined for the same interface pair, the policy that
is first in the list is evaluated first.
The ordering of firewall encryption policies is important to ensure that they take
effect as expected—firewall encryption policies must be evaluated before regular
firewall policies.
Moving a policy in the list does not change its policy ID number.
Figure 118: Move Policy
1 Go to Firewall > Policy.
2 Select the Move To icon in the row beside the policy that you want to move.
3 Specify the position for the policy.
4 Select OK.
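
The ordering rules above, as an added Python model (not code from the Fortinet guide): it shows a regular policy listed first shadowing an encryption policy for the same interface pair, a check that flags that ordering, and a move that fixes it while leaving policy IDs unchanged. The Policy fields, the address-based match, the 1-based position argument and the "ENCRYPT" label are assumptions made for illustration, and the sample policies are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    policy_id: int
    src_intf: str
    dst_intf: str
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR
    action: str   # "ACCEPT", "DENY" or "ENCRYPT" (label assumed here for an encryption policy)

def first_match(policies, src_intf, dst_intf, src_ip, dst_ip):
    """Return the first policy, in list order, that matches the session (or None)."""
    for p in policies:
        if ((p.src_intf, p.dst_intf) == (src_intf, dst_intf)
                and ip_address(src_ip) in ip_network(p.src)
                and ip_address(dst_ip) in ip_network(p.dst)):
            return p
    return None

def misordered_encrypt(policies):
    """List (encrypt_id, regular_id) pairs where an encryption policy sits below
    a regular policy defined for the same interface pair."""
    findings = []
    for i, p in enumerate(policies):
        if p.action != "ENCRYPT":
            continue
        for q in policies[:i]:
            if q.action != "ENCRYPT" and (q.src_intf, q.dst_intf) == (p.src_intf, p.dst_intf):
                findings.append((p.policy_id, q.policy_id))
                break
    return findings

def move_to(policies, policy_id, position):
    """Return a new list with one policy moved to a 1-based position; IDs are untouched."""
    moved = next(p for p in policies if p.policy_id == policy_id)
    rest = [p for p in policies if p.policy_id != policy_id]
    rest.insert(position - 1, moved)
    return rest

# Constructed sample policy list, in evaluation order.
POLICIES = [
    Policy(1, "internal", "external", "0.0.0.0/0", "0.0.0.0/0", "ACCEPT"),
    Policy(2, "internal", "external", "10.1.0.0/16", "192.168.50.0/24", "ENCRYPT"),
    Policy(3, "internal", "dmz", "10.1.0.0/16", "172.16.0.0/24", "ACCEPT"),
]
SESSION = ("internal", "external", "10.1.2.3", "192.168.50.10")
```

Running misordered_encrypt over an exported policy list before and after a reorder gives a quick check that no encryption policy has ended up below a regular policy for its interface pair.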
Configuring firewall policies
Use firewall policies to define how a firewall policy is selected to be applied to a
communication session and to define how the FortiGate unit processes the packets
in that communication session.
To add or edit a firewall policy, go to Firewall > Policy.
You can add ACCEPT policies that accept communication sessions. Using an
accept policy you can apply FortiGate features such as virus scanning and
authentication to the communication session accepted by the policy. An ACCEPT
policy can enable interface-mode IPSec VPN traffic if either the source or the
destination is an IPSec virtual interface. For more information, see “Overview of
IPSec interface mode” on page 285.
You can add DENY policies to deny communication sessions.
