Firewall configuration
Adding firewall policies
FortiGate-50 Installation and Configuration Guide
For NAT/Route mode policies where the address on the destination network is hidden from the source network using NAT, the destination can also be a virtual IP that maps the destination address of the packet to a hidden destination address. See “Virtual IPs” on page 131.
Schedule
Select a schedule that controls when the policy is available to be matched with connections. See “Schedules” on page 129.
Service
Select a service that matches the service (port number) of the packet. You can select from a wide range of predefined services or add custom services and service groups. See “Services” on page 125.
Action
Select how the firewall should respond when the policy matches a connection attempt.
ACCEPT
Accept the connection. If you select ACCEPT, you can also configure NAT and Authentication for the policy.
DENY
Deny the connection. The only other policy option that you can configure is log traffic, to log the connections denied by this policy.
ENCRYPT
Make this policy an IPSec VPN policy. If you select ENCRYPT, you can select an AutoIKE key or Manual Key VPN tunnel for the policy and configure other IPSec settings. You cannot add authentication to an ENCRYPT policy. ENCRYPT is not available in Transparent mode. See “Configuring encrypt policies” on page 168.
NAT
Configure the policy for NAT. NAT translates the source address and the source port of packets accepted by the policy. If you select NAT, you can also select Dynamic IP Pool and Fixed Port. NAT is not available in Transparent mode.
Dynamic IP Pool
You cannot select Dynamic IP Pool for Int -> Ext policies if the external interface is configured using DHCP or PPPoE. Select Dynamic IP Pool to translate the source address to an address randomly selected from an IP pool added to the destination interface of the policy. To add IP pools, see “IP pools” on page 135.
Fixed Port
Select Fixed Port to prevent NAT from translating the source port. Some applications do not function correctly if the source port is changed. If you select Fixed Port, you must also select Dynamic IP Pool and add a dynamic IP pool address range to the destination interface of the policy. If you do not select Dynamic IP Pool, a policy with Fixed Port selected can only allow one connection at a time for this port or service.
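The Fixed Port constraint described above can be reproduced with a small model. This is an added example, not code from the guide or from Fortinet: the SourceNat class, the addresses and source port 5000 are constructed, and the model assumes that each translated address and port pair can serve only one session at a time.

```python
import random

class SourceNat:
    """Simplified source-NAT session table (illustrative model only)."""

    def __init__(self, interface_ip, ip_pool=None, fixed_port=False, seed=0):
        # With Dynamic IP Pool the translated address comes from the pool;
        # otherwise it is the destination interface address.
        self.addresses = list(ip_pool) if ip_pool else [interface_ip]
        self.fixed_port = fixed_port
        self.sessions = {}            # (nat_ip, nat_port) -> (src_ip, src_port)
        self.rng = random.Random(seed)

    def translate(self, src_ip, src_port):
        """Return (nat_ip, nat_port) for a new session, or None if none is free."""
        candidates = self.addresses[:]
        self.rng.shuffle(candidates)  # pool address is selected at random
        # Fixed Port keeps the original source port; plain NAT may pick any.
        ports = [src_port] if self.fixed_port else range(1024, 65536)
        for nat_ip in candidates:
            for nat_port in ports:
                if (nat_ip, nat_port) not in self.sessions:
                    self.sessions[(nat_ip, nat_port)] = (src_ip, src_port)
                    return nat_ip, nat_port
        return None

    def close(self, nat_ip, nat_port):
        """Remove a finished session so its translated pair can be reused."""
        self.sessions.pop((nat_ip, nat_port), None)


def run_scenario():
    # Constructed sample: three internal hosts whose application always
    # sends from source port 5000 (addresses are documentation ranges).
    clients = [("192.168.1.10", 5000), ("192.168.1.11", 5000), ("192.168.1.12", 5000)]
    pool = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
    policies = {
        "nat": SourceNat("203.0.113.1"),
        "fixed_port": SourceNat("203.0.113.1", fixed_port=True),
        "fixed_port_and_pool": SourceNat("203.0.113.1", ip_pool=pool, fixed_port=True),
    }
    return {name: [nat.translate(ip, port) for ip, port in clients]
            for name, nat in policies.items()}


if __name__ == "__main__":
    for name, results in run_scenario().items():
        print(name, results)
```

In the model, Fixed Port without a pool admits only the first client on port 5000, while the same policy with a three-address pool admits all three with the source port unchanged.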