FortiGate-100A Administration Guide Version 2.80 MR6
FortiGate-100A Administration Guide
01-28006-0068-20041105
189
Firewall
Firewall policies control all traffic passing through the FortiGate unit. Firewall policies
are instructions that the FortiGate unit uses to decide what to do with a connection
request. When the firewall receives a connection request in the form of a packet, it
analyzes the packet to extract its source address, destination address, and service
(by port number).
For the packet to be connected through the FortiGate unit, the source address,
destination address, and service of the packet must match a firewall policy. The policy
directs the firewall action on the packet. The action can be to allow the connection,
deny the connection, require authentication before the connection is allowed, or
process the packet as an IPSec VPN packet.
Each policy can be individually configured to route connections or apply network
address translation (NAT) to translate source and destination IP addresses and ports.
You can add IP pools to use dynamic NAT when the firewall translates source
addresses. You can use policies to configure port address translation (PAT) through
the FortiGate.
You can add protection profiles to firewall policies to apply different protection settings
for traffic that is controlled by firewall policies. You can use protection profiles to:
• Configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP policies
• Configure web filtering for HTTP policies
• Configure web category filtering for HTTP policies
• Configure spam filtering for IMAP, POP3, and SMTP policies
• Enable IPS for all services
• Enable content archiving to a FortiLog unit for all services
You can also enable traffic logging for a firewall policy so that the FortiGate unit logs
all connections that use this policy.
This chapter describes:
•
Policy
•
Address
•
Service
•
Schedule
•
Virtual IP
•
IP pool
•
Protection profile
Содержание FortiGate FortiGate-100A
Страница 24: ...24 01 28006 0068 20041105 Fortinet Inc FortiLog documentation Introduction...
Страница 46: ...46 01 28006 0068 20041105 Fortinet Inc Installing and using a backup firmware image System status...
Страница 72: ...72 01 28006 0068 20041105 Fortinet Inc Transparent mode VLAN settings System network...
Страница 80: ...80 01 28006 0068 20041105 Fortinet Inc DHCP IP MAC binding settings System DHCP...
Страница 114: ...114 01 28006 0068 20041105 Fortinet Inc Access profile options System administration...
Страница 232: ...232 01 28006 0068 20041105 Fortinet Inc CLI configuration Firewall...
Страница 244: ...244 01 28006 0068 20041105 Fortinet Inc peergrp Users and authentication...
Страница 320: ...320 01 28006 0068 20041105 Fortinet Inc service smtp Antivirus...
Страница 366: ...366 01 28006 0068 20041105 Fortinet Inc syslogd setting Log Report...
Страница 380: ...380 01 28006 0068 20041105 Fortinet Inc Glossary...
Страница 388: ...388 01 28006 0068 20041105 Fortinet Inc Index...