Factory defaults
FortiGate-200A, FortiGate-300A, FortiGate-400A, and FortiGate-500A FortiOS 3.0 MR4 Install Guide
01-30004-0268-20070712 29
Factory default firewall configuration
FortiGate firewall policies control how all traffic is processed by the FortiGate unit.
Until firewall policies are added, no traffic can be accepted by or pass through the
FortiGate unit. To allow traffic through the FortiGate unit, you can add firewall
policies. See the FortiGate Administration Guide for information about adding
firewall policies.
The following firewall configuration settings are included in the default firewall
configuration to make it easier to add firewall policies.
Table 10: Factory default firewall configuration
The factory default firewall configuration is the same in NAT/Route mode and
Transparent mode.
Factory default protection profiles
Use protection profiles to apply different protection settings for traffic controlled by
firewall policies. You can use protection profiles to:
• configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP firewall
policies
• configure Web filtering for HTTP firewall policies
• configure Web category filtering for HTTP firewall policies
• configure spam filtering for IMAP, POP3 and SMTP firewall policies
• enable the Intrusion Protection System (IPS) for all services
• enable content logging for HTTP, FTP, IMAP, POP3, and SMTP firewall
policies
By using protection profiles, you can build protection configurations that can be
applied to different types of firewall policies. This allows you to customize types
and levels of protection for different firewall policies.
For example, while traffic between internal and external addresses might need
strict protection, traffic between trusted internal addresses might need moderate
protection. You can configure firewall policies for different traffic services to use
the same or different protection profiles.
Protection profiles can be added to NAT/Route mode and Transparent mode
firewall policies.
| Configuration setting | Name | Description |
|---|---|---|
| Firewall address | All | Firewall address matches the source or destination address of any packet. |
| Pre-defined service | More than 50 predefined services | Select from any of the 50 pre-defined services to control traffic through the FortiGate unit that uses that service. |
| Recurring schedule | Always | The recurring schedule is valid at any time. |
| Protection Profiles | Strict, Scan, Web, Unfiltered | Control how the FortiGate unit applies virus scanning, web content filtering, spam filtering, and IPS. |