Firewall Policy Configuring firewall policies
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 403
http://docs.fortinet.com/ • Feedback
For information about how to create a firewall encryption policy for SSL VPN users, see
the “SSL VPN administration tasks” chapter of the FortiGate SSL VPN User Guide.
Figure 215: Selecting user groups for authentication
Service
Available Services List of available services to include in the firewall policy. To add a
service to the list, select the name and then select the Right Arrow.
Selected Services List of services that are included in the firewall policy. To remove a
service from the list, select the name and then select the Left Arrow.
Schedule Select a one-time or recurring schedule that controls when the policy
is in effect.
You can also create schedules by selecting Create New from this list.
For more information, see “Firewall Schedule” on page 437.
Protection Profile Select a protection profile to apply to a firewall policy. You can also
create a protection profile by selecting Create New from this list. For
more information, see “Firewall Protection Profile” on page 479.
Traffic Shaping Select a traffic shaper for the policy. You can also select to create a
new traffic shaper. Traffic Shaping controls the bandwidth available to,
and sets the priority of the traffic processed by, the policy.
For information about traffic shaping, see “Traffic Shaping” on
page 441.
Reverse Direction
Traffic Shaping
Select to enable the reverse traffic shaping. For example, if the traffic
direction that a policy controls is from port1 to port2, select this option
will also apply the policy shaping configuration to traffic from port2 to
port1.
Reverse Direction
Traffic Shaping
Select to enable the reverse traffic shaping. For example, if the traffic
direction that a policy controls is from port1 to port2, select this option
will also apply the policy shaping configuration to traffic from port2 to
port1.
Log Allowed Traffic Select to record messages to the traffic log whenever the policy
processes a connection. You must also enable traffic log for a logging
location (syslog, WebTrends, local disk if available, memory, or
FortiAnalyzer) and set the logging severity level to Notification or lower
using the Log and Report screen. For more information see
“Log&Report” on page 709.
Enable Identity Based
Policy
Select to enable identity-based policy authentication.
Add Select to create an identity-based firewall policy.
Rule ID The ID number of the policy.
Delete
Edit
Move Up
or Move Down
To Next Page
Loading...
Need help?
General
