Firewall
Address
FortiGate-1000A/FA2 Administration Guide
01-28011-0254-20051115
213
Address
You can add, edit, and delete firewall addresses as required. You can also organize
related addresses into address groups to simplify policy creation.
A firewall address can be configured with a name, an IP address, and a netmask, or a
name and IP address range.
You can enter an IP address and netmask using the following formats.
• x.x.x.x/x.x.x.x, for example 64.198.45.0/255.255.255.0
• x.x.x.x/x, for example 64.195.45.0/24
You can enter an IP address range using the following formats.
• x.x.x.x-x.x.x.x, for example 192.168.110.100-192.168.110.120
• x.x.x.[x-x], for example 192.168.110.[100-120]
• x.x.x.*, for example 192.168.110.* to represent all addresses on the subnet
firewall policy command keywords and variables
Keywords and variables Description
Default
Availability
http_retry_count
<retry_integer>
Define the number of times to retry
establishing an HTTP connection when
the connection fails.
0
All models.
natip
<address_ipv4mask>
Configure
natip
for a firewall policy
with action set to
encrypt
and with
outbound NAT enabled. Specify the IP
address and subnet mask to translate
the source address of outgoing
packets.
Set
natip
for peer to peer VPNs to
control outbound NAT IP address
translation for outgoing VPN packets.
If you do not use natip to translate IP
addresses, the source addresses of
outbound VPN packets are translated
into the IP address of the FortiGate
external interface. If you use natip, the
FortiGate unit uses a static mapping
scheme to translate the source
addresses of VPN packets into
corresponding IP addresses on the
subnet that you specify. For example, if
the source address in the encryption
policy is 192.168.1.0/24 and the natip is
172.16.2.0/24, a source address of
192.168.1.7 will be translated to
172.16.2.7
0.0.0.0
0.0.0.0
All models.
Encrypt
policy, with
outbound
NAT
enabled.
Содержание FortiGate 1000A
Страница 80: ...80 01 28011 0254 20051115 Fortinet Inc FortiGate IPv6 support System Network ...
Страница 88: ...88 01 28011 0254 20051115 Fortinet Inc Dynamic IP System DHCP ...
Страница 122: ...122 01 28011 0254 20051115 Fortinet Inc FortiManager System Config ...
Страница 248: ...248 01 28011 0254 20051115 Fortinet Inc Protection profile Firewall ...
Страница 260: ...260 01 28011 0254 20051115 Fortinet Inc CLI configuration User ...
Страница 380: ...380 01 28011 0254 20051115 Fortinet Inc CLI configuration Log Report ...
Страница 392: ...392 01 28011 0254 20051115 Fortinet Inc Glossary ...