Firewall Policy Configuring firewall policies
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 335
http://docs.fortinet.com/
For information about how to create a firewall encryption policy for SSL VPN users, see
the “SSL VPN administration tasks” chapter of the FortiGate SSL VPN User Guide.
Figure 198: Selecting user groups for authentication
Traffic Shaping Select a traffic shaper for the policy. You can also select to create a
new traffic shaper. Traffic Shaping controls the bandwidth available to,
and sets the priority of the traffic processed by, the policy.
For information about traffic shaping, see “Traffic Shaping” on
page 423.
Reverse Direction Traffic Shaping Select to enable reverse traffic shaping. For example, if the
traffic direction that a policy controls is from port1 to port2, selecting
this option also applies the policy's traffic shaping configuration to
traffic from port2 to port1.
Log Allowed Traffic Select to record messages to the traffic log whenever the policy
processes a connection. You must also enable traffic logging for a logging
location (syslog, WebTrends, local disk if available, memory, or
FortiAnalyzer) and set the logging severity level to Notification or lower
using the Log and Report screen. For more information, see
“Log&Report” on page 647.
Enable Identity Based Policy Select to enable identity-based policy authentication.
Add Select to create an identity-based firewall policy.
Rule ID The ID number of the policy.
User Group The selected user groups that must authenticate to be allowed to use
this policy.
Schedule The one-time or recurring schedule that controls when the policy is in
effect.
You can also create schedules by selecting Create New from this list.
For more information, see “Firewall Schedule” on page 361.
Service The firewall service or service group that packets must match to
trigger this policy.
Profile The protection profile to apply antivirus, web filtering, web category
filtering, spam filtering, IPS, content archiving, and logging to this
policy. You can also create a protection profile by selecting
Create New from this list. For more information, see “Firewall
Protection Profile” on page 397.
Delete
Edit
Move Up
or Move Down