Creating a security policy

  1. To allow Internet users to reach the server, go to Policy & Objects > IPv4 Policy and create a new policy.

  2. Set Incoming Interface to your Internet-facing interface, Outgoing Interface to the interface connected to the server, and Destination Address to the VIP group.

    NAT is disabled for this policy so that the server sees the original source addresses of the packets it receives. This is the preferred setting for a number of reasons. For example, the server logs are more meaningful if they record the actual source addresses of your users.

    Note

    If the FortiGate has Central NAT enabled, the VIP objects won't be available for selection in the policy editing window.
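The script below is an added example, not part of the original cookbook or Fortinet's own tooling: it audits a FortiOS configuration backup for policies whose destination is a VIP or VIP group but that still have NAT enabled, which would hide the original source addresses from the server logs. The object names and the sample backup are constructed, and the parser assumes every setting fits on a single line.

```python
import shlex

# Constructed FortiOS backup excerpt; every object name here is hypothetical.
SAMPLE = '''
config firewall vip
    edit "vip-http"
        set extintf "wan1"
    next
end
config firewall vipgrp
    edit "web-vips"
        set member "vip-http"
    next
end
config firewall policy
    edit 1
        set dstaddr "web-vips"
    next
    edit 2
        set dstaddr "vip-http"
        set nat enable
    next
end
'''

def parse(text):
    """Map each top-level config section to {entry name: {setting: [values]}}."""
    out, depth, sec, ent = {}, 0, None, None
    for line in text.splitlines():
        t = shlex.split(line) or [""]
        if t[0] == "config":
            depth += 1
            if depth == 1:  # new top-level section; forget the previous entry
                sec, ent = out.setdefault(" ".join(t[1:]), {}), None
        elif t[0] == "end":
            depth -= 1
        elif depth == 1 and t[0] == "edit":
            ent = sec.setdefault(t[1], {})
        elif depth == 1 and t[0] == "set" and ent is not None:
            ent[t[1]] = t[2:]  # settings in nested config blocks are skipped
    return out

def vip_policies_with_nat(text):
    """Policy IDs whose destination is a VIP or VIP group and that have NAT on."""
    cfg = parse(text)
    vips = set(cfg.get("firewall vip", {})) | set(cfg.get("firewall vipgrp", {}))
    return [pid for pid, p in cfg.get("firewall policy", {}).items()
            if vips & set(p.get("dstaddr", [])) and p.get("nat") == ["enable"]]
```

On the constructed sample, policy 2 is reported and policy 1 is not, because a policy with NAT left off carries no `set nat enable` line.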
