Fortinet Inc.
Firewall configuration
Default firewall configuration
Firewall policies control connections between interfaces. By default, the users on your
internal network can connect through the FortiGate unit to the Internet. The firewall
blocks all other connections.
The firewall is configured with a default policy that matches any connection request
received from the internal network and instructs the firewall to forward the connection
to the Internet.
The default policy also applies virus scanning to all HTTP, FTP, SMTP, POP3, and
IMAP traffic matched by the policy. The policy applies virus scanning because the
Antivirus & Web Filter option is selected and the Content profile is set to Scan. For
more information about content profiles, see “Content profiles” on page 140.
Figure 4: Default firewall policy
• Addresses
• Services
• Schedules
• Content profiles
Addresses
Add policies to control connections between FortiGate interfaces and between the
networks connected to these interfaces. To add policies between interfaces, the
interfaces must include addresses. By default the FortiGate unit is configured with two
firewall addresses:
• Internal_All, added to the internal interface. This address matches all addresses on
the internal network.
• External_All, added to the external interface. This address matches all addresses
on the external network.
The firewall uses these addresses to match the source and destination addresses of
packets received by the firewall. The default policy matches all connections from the
internal network because it includes the Internal_All address. The default policy also
matches all connections to the external network because it includes the External_All
address.
You can add more addresses to each interface to improve the control you have over
connections through the firewall. For more information about firewall addresses, see
“Addresses” on page 122.
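The address matching described above, and the effect of swapping the default source address for a narrower one, sketched as a small Python model. This is an added example, not Fortinet code or FortiGate configuration syntax; the `Internal_Servers` address, its 192.168.1.16/28 range, the sample IP addresses and the function names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Protocols the manual says the default policy virus-scans.
SCANNED = {"HTTP", "FTP", "SMTP", "POP3", "IMAP"}

# Firewall addresses: name -> (interface, network). The two defaults match
# every address on their interface; Internal_Servers is a constructed,
# hypothetical narrower address (assumed range 192.168.1.16/28).
ADDRESSES = {
    "Internal_All": ("internal", ipaddress.ip_network("0.0.0.0/0")),
    "External_All": ("external", ipaddress.ip_network("0.0.0.0/0")),
    "Internal_Servers": ("internal", ipaddress.ip_network("192.168.1.16/28")),
}

@dataclass(frozen=True)
class Policy:
    src: str           # source firewall address name
    dst: str           # destination firewall address name
    scan: bool = True  # models the Content profile being set to Scan

DEFAULT_POLICY = Policy("Internal_All", "External_All")

def _in_address(name, iface, ip):
    """True if ip arrives on the address's interface and falls in its range."""
    addr_iface, net = ADDRESSES[name]
    return addr_iface == iface and ipaddress.ip_address(ip) in net

def evaluate(policies, src_iface, src_ip, dst_iface, dst_ip, proto):
    """Return (action, scanned); anything no policy matches is blocked."""
    for p in policies:
        if _in_address(p.src, src_iface, src_ip) and _in_address(p.dst, dst_iface, dst_ip):
            return "accept", p.scan and proto in SCANNED
    return "block", False

if __name__ == "__main__":
    default = [DEFAULT_POLICY]
    narrowed = [Policy("Internal_Servers", "External_All")]
    # Constructed sample connections (external IP is from a documentation range).
    flows = [
        ("internal", "192.168.1.20", "external", "203.0.113.5", "HTTP"),
        ("internal", "192.168.1.99", "external", "203.0.113.5", "SSH"),
        ("external", "203.0.113.5", "internal", "192.168.1.20", "HTTP"),
    ]
    for f in flows:
        print(f, "default:", evaluate(default, *f), "narrowed:", evaluate(narrowed, *f))
```

Under the default policy every internal host is accepted outbound and only the listed protocols are scanned; with the narrower source address, hosts outside that range fall through to the block.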
You can also add firewall policies that perform network address translation (NAT). To
use NAT to translate destination addresses, you must add virtual IPs. Virtual IPs map
addresses on one network to a translated address on another network. For more
information about Virtual IPs, see “Virtual IPs” on page 131.