Handbook

Policies

6.0.0

Policies

The firewall policies of the FortiGate are one of the most important aspects of the appliance. Setting up a firewall involves many building blocks and configurations, and it is within the policies that many of these components come together to form a cohesive unit that performs the firewall's main function: analyzing network traffic and responding appropriately to the results of that analysis.

There are a few different kinds of policies and in most cases these are further divided into IPv4 and IPv6 versions:

  • IPv4 policy - used for managing traffic going through the appliance using IPv4 protocols.
  • IPv6 policy - used for managing traffic going through the appliance using IPv6 protocols.
  • NAT64 policy - used for managing traffic going through the appliance that converts from IPv6 on the incoming interface to IPv4 on the outgoing interface.
  • NAT46 policy - used for managing traffic going through the appliance that converts from IPv4 on the incoming interface to IPv6 on the outgoing interface.
  • Multicast policy - used to manage traffic sent to multiple destinations.
  • IPv4 access control list - used to filter out packets based on specific IPv4 parameters.
  • IPv6 access control list - used to filter out packets based on specific IPv6 parameters.
  • IPv4 DoS policy - used to prevent malicious or flawed packets on an IPv4 interface from denying access to users.
  • IPv6 DoS policy - used to prevent malicious or flawed packets on an IPv6 interface from denying access to users.

Because the policy determines whether or not NAT will be used, it is also important to look at how to configure:

  • Central SNAT - used for granular control when NAT is in use.
