Fortinet black logo

Version:

6.5.0
6.4.0
6.3.0

Version:

6.2.0
6.1.0
6.0.0

Version:

5.5.0

Table of Contents

Cookbook

6.4.0
6.5.0
6.4.0
6.3.0
6.2.0
6.1.0
6.0.0
5.5.0
Download PDF
Copy Doc ID 52c06fe2-eb01-11eb-97f7-00505692583a:275464
Copy Link

Creating firewall policies for guest access to DNS, FortiAuthenticator, and internet

To create a firewall policy for guest access to DNS and FortiAuthenticator:
  1. Go to Policy & Objects > Firewall Policy and click Create New.
  2. Enter a name for the policy.
  3. In Incoming Interface, select the wired guest interface created in Wired Guest Interface.
  4. In Outgoing Interface, select the interface for FortiAuthenticator and DNS access.
  5. In Source, select an Address object.
  6. In Destination, select address objects for the FortiAuthenticator and DNS servers.
  7. Enable or disable NAT as required.
  8. Optionally, enable other options including Security Profiles for performing inspection using the security features of FortiGate.
  9. Click OK.
To create firewall policy for guest user internet access:
  1. Go to Policy & Objects > Firewall Policy and click Create New.
  2. Enter a name for the policy.
  3. In Incoming Interface, select the wired guest interface created in Wired Guest Interface.
  4. In Outgoing Interface, select the interface for internet access.
  5. In Source, select an address object and the guest group configured in Guest group on FortiGate.
  6. In Destination, select the All address object.
  7. Enable NAT.
  8. Optionally, enable other options including Security Profiles for performing inspection using the security features of FortiGate.
  9. Click OK.
Previous
Next

Creating firewall policies for guest access to DNS, FortiAuthenticator, and internet

To create a firewall policy for guest access to DNS and FortiAuthenticator:
  1. Go to Policy & Objects > Firewall Policy and click Create New.
  2. Enter a name for the policy.
  3. In Incoming Interface, select the wired guest interface created in Wired Guest Interface.
  4. In Outgoing Interface, select the interface for FortiAuthenticator and DNS access.
  5. In Source, select an Address object.
  6. In Destination, select address objects for the FortiAuthenticator and DNS servers.
  7. Enable or disable NAT as required.
  8. Optionally, enable other options including Security Profiles for performing inspection using the security features of FortiGate.
  9. Click OK.
To create firewall policy for guest user internet access:
  1. Go to Policy & Objects > Firewall Policy and click Create New.
  2. Enter a name for the policy.
  3. In Incoming Interface, select the wired guest interface created in Wired Guest Interface.
  4. In Outgoing Interface, select the interface for internet access.
  5. In Source, select an address object and the guest group configured in Guest group on FortiGate.
  6. In Destination, select the All address object.
  7. Enable NAT.
  8. Optionally, enable other options including Security Profiles for performing inspection using the security features of FortiGate.
  9. Click OK.
Previous
Next