Firewall Policy Configuring firewall policies
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 393
http://docs.fortinet.com/ • Feedback
Figure 209: Firewall Policy options
Source
Interface/Zone
Select the name of the FortiGate network interface, virtual domain (VDOM) link,
or zone on which IP packets are received. Interfaces and zones are configured
on the System Network page. For more information, see “Configuring interfaces”
on page 177 and “Configuring zones” on page 198.
If you select Any as the source interface, the policy matches all interfaces as
source.
If Action is set to IPSEC, the interface is associated with the local private
network.
If Action is set to SSL-VPN, the interface is associated with connections from
remote SSL VPN clients.
Source Address Select the name of a firewall address to associate with the Source
Interface/Zone. Only packets whose header contains an IP address matching
the selected firewall address will be subject to this policy.
You can also create firewall addresses by selecting Create New from this list.
For more information, see “Configuring addresses” on page 423.
If you want to associate multiple firewall addresses or address groups with the
Source Interface/Zone, from Source Address, select Multiple. In the dialog box,
move the firewall addresses or address groups from the Available Addresses
section to the Members section, then select OK.
If Action is set to IPSEC, the address is the private IP address of the host,
server, or network behind the FortiGate unit.
If Action is set to SSL-VPN and the policy is for web-only mode clients, select all.
If Action is set to SSL-VPN and the policy is for tunnel mode clients, select the
name of the address that you reserved for tunnel mode clients.
To Next Page
Loading...
Need help?
General
