Configure firewall policies
Once you have defined the IP addresses/masks and the services (protocols)/port ranges that you want to control with firewall policies, use the following commands to apply firewall policies to them.
CLI command | Description |
---|---|
config firewall policy | Enters firewall policy configuration mode. |
edit <name> | Specify the name of the firewall configuration object. |
set srcintf | Specify the ingress interface. |
set dstintf | Specify the egress interface. |
set srcaddr | Specify the source IP address, which can be either a single IP address or a range of IP addresses. |
set action {allow \| deny} | Select either of the following actions: |
set status {enable \| disable} | Set the status of the policy: |
set nat {enable \| disable} | Select an option for NAT: |
Example firewall policy configurations:
```
config firewall policy
    edit filter
        set srcintf any
        set dstintf any
        set srcaddr rec
        set dstaddr internet
        set action deny
        set status enable
        set service service1 service2 service3 service4
        set nat disable
    next
end
```
The FortiExtender (Standalone) firewall is in White List mode, which blocks all traffic by default. You must create a policy to allow traffic into your network.
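Because the firewall blocks everything by default, a configuration that holds only deny policies passes no traffic. The following added example (not Fortinet code) parses a `config firewall policy` block and reports that condition, as well as any allow policy that matches `any` on both interfaces. The function names are hypothetical, and treating a policy without a `set status` line as enabled is an assumption.

```python
import shlex

# Sample input: the example policy from this page, reproduced as a string.
SAMPLE = """\
config firewall policy
    edit filter
        set srcintf any
        set dstintf any
        set srcaddr rec
        set dstaddr internet
        set action deny
        set status enable
        set service service1 service2 service3 service4
        set nat disable
    next
end
"""

def parse_policies(text):
    """Return {policy name: {setting: [values]}} from a 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[:3] == ["config", "firewall", "policy"]:
            in_block = True
        elif not in_block:
            continue  # ignore lines that belong to other config sections
        elif tok[0] == "edit" and len(tok) > 1:
            current = policies.setdefault(tok[1], {})
        elif tok[0] == "set" and len(tok) > 2 and current is not None:
            current[tok[1]] = tok[2:]
        elif tok[0] == "end":
            in_block, current = False, None
    return policies

def audit(policies):
    """List findings that matter when the firewall is default-deny (White List mode)."""
    findings = []
    # Assumption: only an explicit 'set status disable' takes a policy out of service.
    live = {n: p for n, p in policies.items() if p.get("status") != ["disable"]}
    allows = {n: p for n, p in live.items() if p.get("action") == ["allow"]}
    if not allows:
        findings.append("no enabled allow policy: all traffic stays blocked")
    for name, p in allows.items():
        if p.get("srcintf") == ["any"] and p.get("dstintf") == ["any"]:
            findings.append(f"{name}: allow policy matches any ingress and egress interface")
    return findings
```

Running `audit(parse_policies(SAMPLE))` on the page's deny-only example returns the "no enabled allow policy" finding.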