Configuring firewall policies Firewall Policy
FortiGate Version 4.0 MR1 Administration Guide
402 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
To create an identity based firewall policy, select the Enable Identity Based Policy check
box. A table opens below the check box. Select Add. The New Authentication Rule dialog
opens (see Figure 214).
Figure 214: New Authentication Rule
NAT Enable or disable Network Address Translation (NAT) of the source
address and port of packets accepted by the policy. When NAT is
enabled, you can also configure Dynamic IP Pool and Fixed Port.
If you select a virtual IP as the Destination Address, but do not select
the NAT option, the FortiGate unit performs destination NAT (DNAT)
rather than full NAT. Source NAT (SNAT) is not performed.
Fixed Port Select Fixed Port to prevent NAT from translating the source port.
Enable Identity Based
Policy
Select to configure a SSL-VPN firewall policy that requires
authentication.
Add Select to configure the valid authentication methods, user group
names, and services. For more information, see “User Group” on
page 666.
Comments Add information about the policy. The maximum length is 63
characters.
User Group
Available User Groups List of user groups available for inclusion in the firewall policy. To add
a user group to the list, select the name and then select the Right
Arrow.
Selected User Groups List of user groups that are included in the firewall policy. To remove a
user group from the list, select the name and then select the Left
Arrow.