Firewall Policy Firewall policy examples
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
http://docs.fortinet.com/
A few users may need special web and catalog server access to update information on
those servers, depending on how they are configured. Special access can be allowed
based on IP address or user.
The proposed topology has the main branch staff and the catalog access terminals
going through a FortiGate HA cluster to the servers in a DMZ. The public access terminals
first go through a FortiWiFi unit, where additional policies can be applied, then to the HA
cluster, and finally to the servers.
The branch office has all three users routed through a FortiWiFi unit to the main branch via
VPN tunnels.
Figure 205: Proposed library system network topology
Policies are configured in Firewall > Policy. Protection Profiles are configured in Firewall >
Protection Profile.
Main office "staff to Internet" policy:
  Source Interface        Internal
  Source Address          All
  Destination Interface   External
  Destination Address     All
  Schedule                Always
  Action                  Accept