Policy sets

Creating FortiGate CNF policies is similar to FortiGate, but with a more limited set of policy and security profile options.

An ordered group of policies forms a policy set. A single policy set is then applied to a FortiGate CNF instance, rather than individual policies.

The same policy set may be installed on multiple instances.

A policy set can only be installed to CNF instances in the specified Cloud Platform. The possible values are as follows:

• ALL: This policy set can be deployed to AWS or Azure instances. All policy sets may not take advantage of platform-specific features.

• AWS: This policy set can only be deployed to AWS CNF instances.

• Azure: This policy set can only be deployed to Azure CNF instances.

FortiGate CNF comes with a preconfigured allow_all policy set that cannot be edited or deleted.

The allow_all policy set should only be used during the initial testing stage to help test routing. It should not be used for production since it does not provide any security protection.

The Policy Sets page lists the existing policy sets.

From this page you can:

• Create a new policy set.

• Edit a policy set.

• Delete a policy set.

For more detailed information about FortiGate policies, see Policies in the FortiGate Administration Guide.