Administration Guide

Creating a policy set

FortiGate CNF provides two options for creating policy sets:

  • Create New > Policy Set by Wizard: For most workloads in AWS, the inbound and outbound policies are very simple. The wizard creates these policies with only a couple of clicks. Once the policy set is created, you can edit the created objects, if needed. For more information about editing the various types of policy objects, see Configuration.

  • Create New > Policy Set: Create Address, Service, and Security Profile objects individually and assemble them to form a policy.

For more information about policy set settings, see Editing or viewing a policy set.

To create a new policy set by wizard:
  1. In Policy Sets, click Create New and select Policy Set by Wizard.

  2. Enter a name for the policy and select the Wizard Type:

    • Outbound Basic: Creates an outbound policy that prevents the workload from contacting malicious IP addresses such as command-and-control centers.

    • Outbound Geo Policy: Creates an outbound policy identical to the Outbound Basic type and an inbound policy that blocks incoming traffic from certain geographic locations.

  3. Enable or disable logging.

  4. Select the Cloud Platform from the following options:

    • ALL: This policy set can be deployed to AWS or Azure instances.

    • AWS: This policy set can only be deployed to AWS CNF instances.

    • Azure: This policy set can only be deployed to Azure CNF instances.

      This setting cannot be changed.

  5. Click Next.

  6. Select the security profiles to enable, then click Next.

    For more information, see Security profiles.

  7. If Geographical Boundaries was selected, select the countries to block, then click Next.

  8. Click Finalize. The policy set is created and can now be installed on one or more FortiGate CNF instances.

To create a new policy set:
  1. In Policy Sets, click Create New and select Policy Set.

  2. Enter a Name for the policy set.

  3. Select the Cloud Platform from the following options:

    • ALL: This policy set can be deployed to AWS or Azure instances.

    • AWS: This policy set can only be deployed to AWS CNF instances.

    • Azure: This policy set can only be deployed to Azure CNF instances.

      This setting cannot be changed.

  4. Click OK. The new empty policy set is created.
  5. Add policies as needed.

    For more information about policy settings, see Editing or viewing a policy set.
