Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate Cloud 25.4.a Administration Guide
    25.4.a
    26.1.a
    26.1.0
    25.4.a
    25.4.0

    Creating a policy

    Creating a policy

    You can create new central policies from the SDWan Overlay > Overlay Policy page.

    To create a new policy:

    1. Go to SDWan Overlay > Overlay Policy.

    2. Click Create.

    3. Enter a Name.

    4. Define the source:

      • To define a source address, select Address:

        1. Select the Site from the dropdown list.

        2. Select the Interface from the dropdown list.

        3. Select the Address from the dropdown list.

          Note

          You can create a new address in the SDWan Overlay > Addresses page. See Creating an address.

      • To define a source address group, select Address Group:

        1. Select the Address group from the dropdown menu.

          Note

          If there are no address groups listed, you can create a new address group in the SDWan Overlay > Addresses page. See Creating an address group.
    5. Define the destination:

      • To define a destination address, select Address:

        1. Select the Site from the dropdown list.

        2. Select the Interface from the dropdown list.

        3. Select the Address from the dropdown list.

          Note

          You can create a new address in the SDWan Overlay > Addresses page. See Creating an address.

      • To define a destination address group, select Address Group:

        1. Select the Address Group from the dropdown menu.

          Note

          If there are no address groups listed, you can create a new address group in the SDWan Overlay > Addresses page. See Creating an address group.

    6. Select the Service.

      Note

      You can create a new service in the SDWan Overlay > Services page. See Creating a service.

    7. Select the Service Group.

      Note

      If there are no service groups listed, you can create a new service group in the SDWan Overlay > Services page. See Creating a service group.

    8. Define the schedule of the policy:

      • To define the schedule, select Schedule:

        1. Select the Schedule from the dropdown list.

          Note

          You can create a new schedule in the SDWan Overlay > Schedules page. See Creating a recurring schedule and Creating a one-time schedule.

      • To define the schedule group, select Schedule Group:

        1. Select the Schedule Group from the dropdown list.

          Note

          If there are no schedule groups listed, you can create a new schedule group in the SDWan Overlay > Schedules page. See Creating a schedule group.

    9. Set the Action as accept or deny.

    10. Select the Security Profiles.

      Note

      Security profiles can be configured in the SDWan Overlay > Security profiles page. See Security profiles.

    11. Define the Logging Options:

      1. Toggle Log Allowed Traffic and select Security Events or All Sessions to define which events to log.

      2. Enable Generate Logs when Session Starts, if needed.

    12. (Optional) Enter a description for the policy.

    13. Toggle Enable this policy to enable or disable the policy.

    14. Click OK.

      Note

      Once a policy has been created, it will appear in the SDWan Overlay > Overlay policy list with the new status. You must save and apply the policy to the spoke FortiGates before they will take effect. See Applying policies.
    Previous
    Next

    Creating a policy

    Creating a policy

    You can create new central policies from the SDWan Overlay > Overlay Policy page.

    To create a new policy:

    1. Go to SDWan Overlay > Overlay Policy.

    2. Click Create.

    3. Enter a Name.

    4. Define the source:

      • To define a source address, select Address:

        1. Select the Site from the dropdown list.

        2. Select the Interface from the dropdown list.

        3. Select the Address from the dropdown list.

          Note

          You can create a new address in the SDWan Overlay > Addresses page. See Creating an address.

      • To define a source address group, select Address Group:

        1. Select the Address group from the dropdown menu.

          Note

          If there are no address groups listed, you can create a new address group in the SDWan Overlay > Addresses page. See Creating an address group.
    5. Define the destination:

      • To define a destination address, select Address:

        1. Select the Site from the dropdown list.

        2. Select the Interface from the dropdown list.

        3. Select the Address from the dropdown list.

          Note

          You can create a new address in the SDWan Overlay > Addresses page. See Creating an address.

      • To define a destination address group, select Address Group:

        1. Select the Address Group from the dropdown menu.

          Note

          If there are no address groups listed, you can create a new address group in the SDWan Overlay > Addresses page. See Creating an address group.

    6. Select the Service.

      Note

      You can create a new service in the SDWan Overlay > Services page. See Creating a service.

    7. Select the Service Group.

      Note

      If there are no service groups listed, you can create a new service group in the SDWan Overlay > Services page. See Creating a service group.

    8. Define the schedule of the policy:

      • To define the schedule, select Schedule:

        1. Select the Schedule from the dropdown list.

          Note

          You can create a new schedule in the SDWan Overlay > Schedules page. See Creating a recurring schedule and Creating a one-time schedule.

      • To define the schedule group, select Schedule Group:

        1. Select the Schedule Group from the dropdown list.

          Note

          If there are no schedule groups listed, you can create a new schedule group in the SDWan Overlay > Schedules page. See Creating a schedule group.

    9. Set the Action as accept or deny.

    10. Select the Security Profiles.

      Note

      Security profiles can be configured in the SDWan Overlay > Security profiles page. See Security profiles.

    11. Define the Logging Options:

      1. Toggle Log Allowed Traffic and select Security Events or All Sessions to define which events to log.

      2. Enable Generate Logs when Session Starts, if needed.

    12. (Optional) Enter a description for the policy.

    13. Toggle Enable this policy to enable or disable the policy.

    14. Click OK.

      Note

      Once a policy has been created, it will appear in the SDWan Overlay > Overlay policy list with the new status. You must save and apply the policy to the spoke FortiGates before they will take effect. See Applying policies.
    Previous
    Next