Firewall configuration
Virtual IPs
FortiGate-50 Installation and Configuration Guide
131
Adding a schedule to a policy
After you have created schedules, you can add them to policies to schedule when the
policies are active. You can add the new schedules to policies when you create the
policy, or you can edit existing policies and add a new schedule to them.
1. Go to Firewall > Policy.
2. Select the tab corresponding to the type of policy to add.
3. Select New to add a policy or select Edit to edit a policy to change its schedule.
4. Configure the policy as required.
5. Add a schedule by selecting it from the Schedule list.
6. Select OK to save the policy.
7. Arrange the policy in the policy list to have the effect that you expect.
For example, to use a one-time schedule to deny access to a policy, add a policy that
matches the policy to be denied in every way. Choose the one-time schedule that you
added and set Action to DENY. Then place the policy containing the one-time
schedule in the policy list above the policy to be denied.
Virtual IPs
Use virtual IPs to access IP addresses on a destination network that are hidden from
the source network by NAT security policies. To allow connections between these
networks, you must create a mapping between an address on the source network and
the real address on the destination network. This mapping is called a virtual IP.
For example, if the computer hosting your web server is located on your internal
network, it could have a private IP address such as 192.168.1.34. To get packets from
the Internet to the web server, you must have an external address for the web server
on the Internet. You must then add a virtual IP to the firewall that maps the external IP
address of the web server to the actual address of the web server on the internal
network. To allow connections from the Internet to the web server, you must then add
an Ext -> Int firewall policy and set Destination to the virtual IP.
You can create two types of virtual IPs:
Static NAT
Used to translate an address on a source network to a hidden address on
a destination network. Static NAT translates the source address of return
packets to the address on the source network.
Port Forwarding
Used to translate an address and a port number on a source network to a
hidden address and, optionally, a different port number on a destination
network. Using port forwarding you can also route packets with a specific
port number and a destination address that matches the IP address of the
interface that receives the packets. This technique is called port forwarding
or port address translation (PAT). You can also use port forwarding to change
the destination port of the forwarded packets.
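The two virtual IP types above, modelled as an added Python example (not code from the FortiGate guide or from Fortinet). The class and function names are hypothetical, and the external address 203.0.113.10 and the 8080-to-80 mapping are constructed sample values; 192.168.1.34 is the internal web server address used in the text.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class VirtualIP:
    external_ip: str                      # address visible on the source network
    mapped_ip: str                        # real, hidden address on the destination network
    external_port: Optional[int] = None   # None = static NAT (whole address)
    mapped_port: Optional[int] = None     # port forwarding only; None keeps the port

    def translate_inbound(self, dst_ip, dst_port):
        """Rewrite the destination of a packet arriving from the source network."""
        if dst_ip != self.external_ip:
            return None
        if self.external_port is None:            # static NAT: port is untouched
            return (self.mapped_ip, dst_port)
        if dst_port != self.external_port:        # port forwarding: one port only
            return None
        new_port = dst_port if self.mapped_port is None else self.mapped_port
        return (self.mapped_ip, new_port)

    def translate_return(self, src_ip, src_port):
        """Rewrite the source of a reply so the client sees the external address."""
        if src_ip != self.mapped_ip:
            return None
        if self.external_port is None:
            return (self.external_ip, src_port)
        served = self.external_port if self.mapped_port is None else self.mapped_port
        if src_port != served:
            return None
        return (self.external_ip, self.external_port)


def reachable_ports(vip, candidate_ports):
    """Ports on the external address that this virtual IP translates at all."""
    return [p for p in candidate_ports
            if vip.translate_inbound(vip.external_ip, p) is not None]


# Constructed sample mappings for the web server example in the text.
STATIC_NAT = VirtualIP("203.0.113.10", "192.168.1.34")
PORT_FORWARD = VirtualIP("203.0.113.10", "192.168.1.34", 8080, 80)

if __name__ == "__main__":
    for name, vip in (("static NAT", STATIC_NAT), ("port forwarding", PORT_FORWARD)):
        print(name, "translates ports", reachable_ports(vip, [22, 80, 8080]))
        print(name, "8080 ->", vip.translate_inbound("203.0.113.10", 8080))
```

With static NAT every destination port on the external address is translated, so which services reach the server is decided by the Ext -> Int policy; the port forwarding mapping translates only the one port it names.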