To Next Page

To Previous Page

FortiGate Version 3.0 MR4 Administration Guide

230 01-30004-0203-20070102

Firewall policy examples Firewall Policy

3 Select OK

4 Select Create New and enter or select the following settings for Home_User_2:

5 Select OK

Figure 128:SOHO network topology with FortiGate-100

The proposed network is based around a ForitGate 100A unit. The 15 internal

computers are behind the FortiGate unit. They now access the email and web

servers in a DMZ, which is also behind the FortiGate unit. All home based

employees now access the office network through the FortiGate unit via VPN

tunnels.

Interface / Zone Source: internal Destination: wan1

Address Name Source:

CompanyA_network

Destination: All

Schedule Always

Service ANY

Action IPSEC

VPN Tunnel Home2_Tunnel

Allow Inbound yes

Allow outbound yes

Inbound NAT yes

Outbound NAT no

Protection Profile Enable and select standard_profile

Default Chapter3
- Table of Contents3
Introduction17
- Introducing the Fortigate Units18
- Fortinet Family of Products25
- About this Document27
  - Document Conventions29
- Fortigate Documentation29
- Customer Service and Technical Support31
Web-Based Manager33
- Button Bar Features34
- Web-Based Manager Pages37
System Status41
- Status Page41
  - Viewing System Status41
    - System Information43
    - License Information44
- Changing System Information49
  - Configuring System Time49
  - Changing the Fortigate Unit Host Name50
- Changing the Fortigate Firmware51
  - Upgrading to a New Firmware Version51
  - Reverting to a Previous Firmware Version51
- Viewing Operational History52
- Manually Updating Fortiguard Definitions53
- Viewing Statistics54
- Topology Viewer58
  - The Topology Viewer Window58
  - Customizing the Topology Diagram60
Using Virtual Domains61
- Virtual Domains61
  - VDOM Configuration Settings62
  - Global Configuration Settings63
- Enabling Vdoms64
- Configuring Vdoms and Global Settings64
System Network69
- Interface69
- Zone87
  - Zone Settings87
- Network Options88
  - DNS Servers89
  - Dead Gateway Detection89
- Routing Table (Transparent Mode)90
  - Transparent Mode Route Settings90
- Configuring the Modem Interface91
- VLAN Overview96
  - Fortigate Units and Vlans96
- Vlans in Nat/Route Mode97
- Vlans in Transparent Mode99
- Fortigate Ipv6 Support104
System Wireless105
- The Fortiwifi Wireless LAN Interface105
- Channel Assignments106
- System Wireless Settings (Fortiwifi-60)107
- System Wireless Settings (Fortiwifi-60A and 60AM)109
- Wireless MAC Filter110
- Wireless Monitor111
System DHCP113
- Fortigate DHCP Servers and Relays113
- Configuring DHCP Services114
  - Configuring an Interface as a DHCP Relay Agent115
  - Configuring a DHCP Server115
- Viewing Address Leases116
  - Reserving IP Addresses for Specific Clients117
- Ha119
System Config119
- HA Options119
- Cluster Members List122
- Viewing HA Statistics125
- Changing Subordinate Unit Host Name and Device Priority126
- Disconnecting a Cluster Unit from a Cluster126
- Snmp127
- Replacement Messages136
- Operation Mode and VDOM Management Access141
  - Changing Operation Mode141
  - Management Access142
System Admin143
- Administrators143
- Access Profiles148
  - Viewing the Access Profiles List151
  - Configuring an Access Profile152
- Fortimanager153
- Settings153
- Monitoring Administrators154
System Maintenance157
- Backup and Restore157
- Fortiguard Center161
- License172
System Chassis (Fortigate-5000 Series)173
- SMC (Shelf Manager Card)173
- Blades (Fortigate-5000 Chassis Slots)174
- Chassis Monitoring Event Log Messages176
Router Static177
- Routing Concepts177
- Static Route180
- Policy Route185
  - Adding a Route Policy186
  - Moving a Route Policy187
Router Dynamic189
- Rip189
- Ospf194
- Bgp202
  - How BGP Works202
  - Viewing and Editing BGP Settings203
- Multicast204
  - Viewing and Editing Multicast Settings204
  - Overriding the Multicast Settings on an Interface206
Router Monitor209
- Displaying Routing Information209
- Searching the Fortigate Routing Table211
Firewall Policy213
- About Firewall Policies213
  - How Policy Matching Works214
- Viewing the Firewall Policy List214
  - Adding a Firewall Policy215
  - Moving a Policy to a Different Position in the Policy List216
- Configuring Firewall Policies216
- Firewall Policy Examples228
  - Scenario One: SOHO Sized Business228
  - Scenario Two: Enterprise Sized Business231
Firewall Address235
- About Firewall Addresses235
- Viewing the Firewall Address List236
- Configuring Addresses237
- Viewing the Address Group List237
- Configuring Address Groups238
Firewall Service239
- Viewing the Predefined Service List239
- Viewing the Custom Service List243
- Configuring Custom Services243
- Viewing the Service Group List245
- Configuring Service Groups245
Firewall Schedule247
- Viewing the One-Time Schedule List247
- Configuring One-Time Schedules248
- Viewing the Recurring Schedule List248
- Configuring Recurring Schedules249
Firewall Virtual IP251
- Virtual Ips251
  - How Virtual Ips Map Connections through the Fortigate Unit251
- Viewing the Virtual IP List255
- Configuring Virtual Ips255
- Virtual IP Groups267
- Viewing the VIP Group List267
- Configuring VIP Groups268
- IP Pools269
  - IP Pools and Dynamic NAT269
  - IP Pools for Firewall Policies that Use Fixed Ports269
- Viewing the IP Pool List270
- Configuring IP Pools270
Firewall Protection Profile271
- What Is a Protection Profile271
  - Default Protection Profiles272
- Configuring a Protection Profile272
- Viewing the Protection Profile List272
- Adding a Protection Profile to a Policy282
- Protection Profile CLI Configuration283
Vpn Ipsec285
- Overview of Ipsec Interface Mode285
- Auto Key287
- Manual Key296
  - Creating a New Manual Key Configuration297
- Concentrator299
  - Defining Concentrator Options299
- Monitor300
Vpn Pptp303
- PPTP Range303
Vpn Ssl305
- Config305
- Monitor307
VPN Certificates309
- Local Certificates309
- Remote Certificates314
  - Importing Remote (OCSP) Certificates315
- CA Certificates315
  - Importing CA Certificates316
- Crl317
  - Importing a Certificate Revocation List317
User319
- Configuring User Authentication319
  - Setting Authentication Timeout320
  - Setting User Authentication Protocol Support320
- Local User Accounts321
  - Configuring a User Account321
- RADIUS Servers322
  - Configuring a RADIUS Server322
- LDAP Servers323
  - Configuring an LDAP Server324
- PKI Authentication325
  - Configuring PKI Users326
- Windows AD Servers326
  - Configuring a Windows AD Server327
- User Group327
- Configuring Peers and Peer Groups334
Antivirus335
- Order of Operations335
- Antivirus Elements335
  - Fortiguard Antivirus336
- Antivirus Settings and Controls337
- File Pattern338
- Quarantine341
- Config345
  - Viewing the Virus List345
  - Viewing the Grayware List346
- Antivirus CLI Configuration347
Intrusion Protection349
- About Intrusion Protection349
  - IPS Settings and Controls350
  - When to Use IPS350
- Predefined Signatures351
- Custom Signatures354
  - Viewing the Custom Signature List354
  - Creating Custom Signatures355
- Protocol Decoders356
  - Viewing the Protocol Decoder List356
  - Upgrading IPS Protocol Decoder List357
- Anomalies357
  - Viewing the Traffic Anomaly List358
  - Configuring IPS Traffic Anomalies358
- IPS CLI Configuration359
Web Filter361
- Order of Web Filtering361
- How Web Filtering Works361
- Web Filter Controls362
- Content Block364
- URL Filter369
- Fortiguard - Web Filter373
Antispam381
- Order of Spam Filtering381
- Anti-Spam Filter Controls382
- Banned Word384
- Black/White List387
- Advanced Antispam Configuration392
  - Config Spamfilter Mheader392
  - Config Spamfilter Rbl393
- Using Perl Regular Expressions393
IM, P2P & Voip397
- Overview397
- Configuring IM/P2P Protocols399
- Statistics401
  - Viewing Overview Statistics401
  - Viewing Statistics by Protocol402
- User403
Log&Report407
- Fortigate Logging407
- Log Severity Levels408
- Storing Logs409
- Log Types415
- High Availability Cluster Logging415
- Log Access419
- Content Archive425
- Alert Email426
  - Configuring Alert Email426
- Reports428
- Viewing Fortianalyzer Reports from a Fortigate Unit438
  - Viewing Parts of a Fortianalyzer Report438
Index439

Brand	Fortinet
Model	Fortigate-5000 series
Category	Firewall
Language	English

Fortinet Fortigate-5000 series User Manual

Table of Contents

Questions and Answers:

Fortinet Fortigate-5000 series Specifications

Related product manuals