
Admin Guide (Standalone)


Configure firewall policies

Once you have defined the IP addresses/masks and the services (protocols)/port ranges that you want to control, use the following commands to apply firewall policies to them.

CLI command
    Description

config firewall policy
    Enters firewall policy configuration mode.

edit <name>
    Specify the name of the firewall configuration object.

set srcintf
    Specify the ingress interface.

set dstintf
    Specify the egress interface.

set srcaddr
    Specify the source IP address, which can be either a single IP address or a range of IP addresses.

set action {allow | deny}
    Select either of the following actions:
      • allow—Allow access.
      • deny—Deny access.

set status {enable | disable}
    Set the status of the policy:
      • enable—Enable the policy.
      • disable—Disable the policy.

set nat {enable | disable}
    Select an option for NAT:
      • enable—Enable NAT.
      • disable—Disable NAT.

Example firewall policy configurations:

    config firewall policy
        edit filter
            set srcintf any
            set dstintf any
            set srcaddr rec
            set dstaddr internet
            set action deny
            set status enable
            set service service1 service2 service3 service4
            set nat disable
        next
    end

The FortiExtender (Standalone) firewall is in White List mode, which blocks all traffic by default. You must create a policy to allow traffic into your network.
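
An added example, not part of the Fortinet guide: a small Python audit of a saved `config firewall policy` block that reports enabled allow policies matching any ingress and any egress interface, and reports when no allow policy is active, in which case the default block applies to all traffic. The policy name `wide-open`, the function names, and treating only an explicit `set status enable` as active are assumptions.

```python
# Constructed sample in the page's CLI syntax. The policy name "wide-open" is
# hypothetical; the other object names are taken from the page's example.
SAMPLE = """
config firewall policy
    edit filter
        set srcintf any
        set dstintf any
        set srcaddr rec
        set dstaddr internet
        set action deny
        set status enable
        set service service1 service2 service3 service4
        set nat disable
    next
    edit wide-open
        set srcintf any
        set dstintf any
        set srcaddr rec
        set dstaddr internet
        set action allow
        set status enable
        set service service1
        set nat disable
    next
end
"""

def parse_policies(text):
    """Return {policy name: {option: [values]}} for one 'config firewall policy' block."""
    policies, current = {}, None
    for tok in (line.split() for line in text.splitlines()):
        if tok[:1] == ["edit"] and len(tok) == 2:
            current = policies.setdefault(tok[1], {})
        elif tok[:1] == ["next"]:
            current = None
        elif tok[:1] == ["set"] and len(tok) > 2 and current is not None:
            current[tok[1]] = tok[2:]
    return policies

def audit(policies):
    """Flag enabled allow policies open on both interfaces; note when nothing is allowed."""
    # Assumption: only policies with an explicit 'set status enable' are treated as active.
    allows = {n: p for n, p in policies.items()
              if p.get("status") == ["enable"] and p.get("action") == ["allow"]}
    findings = [f"{n}: allow with srcintf any and dstintf any" for n, p in allows.items()
                if p.get("srcintf") == ["any"] and p.get("dstintf") == ["any"]]
    if not allows:
        findings.append("no enabled allow policy: default block applies to all traffic")
    return findings
```

Run `audit(parse_policies(text))` against a saved copy of the policy block; an empty list means at least one allow policy is active and none of them is open on both interfaces.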
