Configuring firewall policies
Firewall Policy
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
Figure 194: Creating identity-based firewall policies
6. From the Available User Groups list, select one or more user groups that must authenticate to be allowed to use this policy. Select the right arrow to move the selected user groups to the Selected User Groups list.
7. Select services in the Available Services list and then select the right arrow to move them to the Selected Services list.
8. Select a schedule from the Schedule drop-down list. There is no default.
9. Optionally, select a Protection Profile, enable User Authentication Disclaimer or Log Allowed Traffic.
10. Optionally, select Traffic Shaping and choose a traffic shaper.
11. Select OK.
IPSec firewall policy options
In a firewall policy (see “Configuring firewall policies” on page 323), encryption options are available for IPSec. To configure these options, go to Firewall > Policy, select Create New to add a firewall policy, or in the row corresponding to an existing firewall policy, select Edit. Make sure that Action is set to IPSEC. Enter the information in the following table and select OK.
Figure 195: IPSEC encryption policy
VPN Tunnel: Select the VPN tunnel name defined in the phase 1 configuration. The specified tunnel will be subject to this firewall encryption policy.
Allow Inbound: Select to enable traffic from a dialup client or computers on the remote private network to initiate the tunnel.
Allow outbound: Select to enable traffic from computers on the local private network to initiate the tunnel.
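To review which side may initiate each tunnel, the same fields can be read from a configuration backup. The following is an added example, not part of the guide: it parses a constructed excerpt and assumes that the CLI keywords `action`, `vpntunnel`, `inbound` and `outbound` correspond to the Action, VPN Tunnel, Allow Inbound and Allow outbound fields.

```python
# Constructed FortiOS-style config excerpt (sample data, not from the guide).
# Assumption: action/vpntunnel/inbound/outbound are the CLI counterparts of
# the Action, VPN Tunnel, Allow Inbound and Allow outbound fields.
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set action ipsec
        set vpntunnel "branch_p1"
        set inbound enable
        set outbound enable
    next
    edit 2
        set action ipsec
        set vpntunnel "dialup_p1"
        set inbound enable
    next
    edit 3
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {keyword: value}} from 'config firewall policy'."""
    policies, current, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        parts = line.split(None, 2)
        if depth == 0:
            depth = 1 if line == "config firewall policy" else 0
        elif line.startswith("config "):
            depth += 1          # nested sub-table inside a policy: skip it
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = policies.setdefault(int(parts[1]), {})
        elif depth == 1 and parts[0:1] == ["set"] and len(parts) == 3:
            if current is not None:
                current[parts[1]] = parts[2].strip('"')
    return policies

def ipsec_policies(text):
    """List (id, tunnel, inbound_allowed, outbound_allowed) per IPSec policy."""
    rows = []
    for pid, p in sorted(parse_policies(text).items()):
        if p.get("action") == "ipsec":
            # Assumption: an unset direction keyword means it is not enabled.
            rows.append((pid, p.get("vpntunnel"),
                         p.get("inbound") == "enable",
                         p.get("outbound") == "enable"))
    return rows
```

Calling `ipsec_policies(SAMPLE_CONFIG)` returns one tuple per IPSec policy, so a policy that lets remote peers initiate the tunnel but not local hosts (or the reverse) stands out in the listing.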