Configuring firewall policies Firewall Policy
FortiGate Version 4.0 MR1 Administration Guide
392 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
• IPSEC and SSL-VPN policy actions apply a tunnel mode IPSec VPN or SSL VPN
tunnel, respectively, and may optionally apply NAT and allow traffic for one or both
directions. If permitted by the firewall encryption policy, a tunnel may be initiated
automatically whenever a packet matching the policy arrives on the specified network
interface, destined for the local private network. For more information, see “IPSec
firewall policy options” on page 399 and “Configuring SSL VPN identity-based firewall
policies” on page 400.
To add or edit a firewall policy, go to Firewall > Policy. Select Create New to add a policy
or select the edit icon beside an existing firewall policy. Configure the settings as
described in the following table and in the references to specific features for IPSec, SSL
VPN and other specialized settings, and then select OK.
If you want to create a DoS policy, go to Firewall > Policy > DoS Policy, and configure the
settings according to the following table. For more information, see “Using DoS policies to
detect and prevent attacks” on page 404.
If you want to use IPv6 firewall addresses in your firewall policy, first go to System > Admin
> Settings. Select “IPv6 Support on GUI”. Then go to Firewall > Policy > IPv6 Policy, and
configure the settings according to the following table.
Firewall policy order affects policy matching. Each time that you create or edit a policy,
make sure that you position it in the correct location in the list. You can create a new policy
and position it right away before an existing one in the firewall policy list, by selecting
Insert Policy before (see “Viewing the firewall policy list” on page 390).
Note: You can configure differentiated services (DSCP) firewall policy options through the
CLI. See the “firewall” chapter of the FortiGate CLI Reference.
To Next Page
Loading...
Need help?
General
