FortiGate Version 3.0 MR4 Administration Guide
220 01-30004-0203-20070102
Configuring firewall policies Firewall Policy
Schedule
    Select a one-time or recurring schedule that controls when the policy is available to be matched with communication sessions. Schedules can be created in advance by going to Firewall > Schedule. See “Firewall Schedule” on page 247.

    You can also select Create New to create a Recurring or One-time schedule during policy configuration. Add the information required for the recurring or one-time schedule and select OK. The new schedule is added to the Schedule list.
Service
    Select the name of a service or service group that matches the service or protocol of the packets to be matched with this policy. Select from a wide range of predefined services. Custom services can be created in advance by going to Firewall > Service > Custom. Service groups can be created in advance by going to Firewall > Service > Group. See “Configuring custom services” on page 243 and “Configuring service groups” on page 245.

    You can also select Create New to create a custom service or a service group during policy configuration. Add the information required for the custom service or service group and select OK. The new custom service or service group is added to the Service list.
Action
    Select how you want the firewall to respond when a packet matches the conditions of the policy.

    ACCEPT
        Accept traffic matched by the policy. You can configure NAT, protection profiles, log traffic, shape traffic, set authentication options, or add a comment to the policy.
    DENY
        Reject traffic matched by the policy. The only other configurable policy options are to log traffic (to log the connections denied by this policy) or add a comment.
    IPSEC
        Configure an IPSec firewall encryption policy, which causes the FortiGate unit to process IPSec VPN packets. See “IPSec firewall policy options” on page 226.
    SSL-VPN
        Configure an SSL-VPN firewall encryption policy, which causes the FortiGate unit to accept SSL VPN traffic. This option is available only after you have added an SSL-VPN user group. See “SSL-VPN firewall policy options” on page 226.
NAT
    Enable Network Address Translation for the policy. NAT translates the source address and port of packets accepted by the policy. When NAT is selected, Dynamic IP Pool and Fixed Port can be configured. NAT is not available in Transparent mode.
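
The following is an added example, not taken from this guide: a short Python review script that reads firewall policies in CLI form and flags ACCEPT policies whose Service, Schedule and log traffic settings leave them broader or quieter than they need to be. The CLI syntax of the sample, the object names (ANY, always, work_hours, HTTPS) and the flagging criteria are assumptions of this example.

```python
import re

# Constructed sample in CLI form (assumed syntax and names; not from the guide).
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
    edit 2
        set action accept
        set schedule "work_hours"
        set service "HTTPS"
        set logtraffic enable
    next
    edit 3
        set action deny
        set service "ANY"
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {option: value}} from 'edit N ... next' blocks."""
    policies, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"edit (\d+)", line):
            current = policies.setdefault(int(m.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return policies

def audit(policies):
    """Flag ACCEPT policies that are broader or quieter than they need to be."""
    findings = []
    for pid, p in sorted(policies.items()):
        if p.get("action") != "accept":
            continue  # DENY policies pass no traffic, so they are not reviewed here
        if p.get("service", "").upper() == "ANY":
            findings.append((pid, "accepts every service"))
        if p.get("schedule") == "always":
            findings.append((pid, "no time restriction"))
        if p.get("logtraffic") != "enable":
            findings.append((pid, "traffic logging off"))
    return findings
```

Calling `audit(parse_policies(SAMPLE_CONFIG))` reports only policy 1; policy 2 is scoped by service and schedule and logs its traffic, and policy 3 is a DENY policy.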