Configuring firewall policies

6.4.1

Configure firewall policies for both the Overlay and Underlay traffic as indicated below.

In this example, the Overlay traffic does not require scanning, and the Underlay traffic requires scanning. The firewall policies are configured accordingly.

To configure a firewall policy for the Overlay traffic:
  1. Go to Policy & Objects > Firewall Policy, and click Create New. The New Policy screen displays.
  2. Configure the fields as follows:
    1. Enter a name in the Name field. In this example, it is Out Overlay Traffic.
    2. Select the appropriate interface from the Incoming Interface field. In this case, it is port3.
    3. Make sure the Outgoing Interface field is set to the Overlay SD-WAN zone.
    4. Because Overlay traffic does not require scanning, leave all the Security Profiles turned off.
  3. Click OK.

To configure a firewall policy for the Underlay traffic:
  1. Go to Policy & Objects > Firewall Policy, and click Create New. The New Policy screen displays.
  2. Configure the fields as follows:
    1. Enter a name in the Name field. In this example, it is Out Underlay Traffic.
    2. Select the appropriate interface from the Incoming Interface field. In this case, it is port3.
    3. Make sure the Outgoing Interface field is set to the Underlay SD-WAN zone.
    4. Because Underlay traffic must be scanned, turn on the AntiVirus, DNS Filter, Application Control, IPS, and SSL Inspection Security Profiles.
  3. Click OK.

After creating the policies, verify them by going to Policy & Objects > Firewall Policy. The Security Profiles column shows that the Out Overlay Traffic firewall policy does not scan any traffic, while the Out Underlay Traffic firewall policy scans all traffic because the SSL Inspection, IPS, Application Control, DNS Filter, and AntiVirus profiles are all active.
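
The same verification can be run against a saved configuration rather than read from the GUI column. The following Python is an added example, not Fortinet's code: it parses constructed `show firewall policy` output and lists which of the five profiles named above a policy does not apply. The policy IDs, zone names and profile names in the sample are assumptions.

```python
import shlex

# Constructed sample in the format of FortiOS `show firewall policy` output.
# Policy IDs, zone names and profile names are assumptions, not from the page.
SAMPLE_CONFIG = """
config firewall policy
    edit 1
        set name "Out Overlay Traffic"
        set dstintf "Overlay"
    next
    edit 2
        set name "Out Underlay Traffic"
        set dstintf "Underlay"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        set dnsfilter-profile "default"
        set ips-sensor "default"
        set application-list "default"
    next
end
"""

# CLI keys for the five profiles the page turns on for the Underlay policy.
REQUIRED = {"av-profile": "AntiVirus", "dnsfilter-profile": "DNS Filter",
            "application-list": "Application Control", "ips-sensor": "IPS",
            "ssl-ssh-profile": "SSL Inspection"}

def parse_policies(text):
    """Return {policy name: {key: [values]}} for each edit ... next entry."""
    policies, current = {}, None
    for line in text.splitlines():
        words = shlex.split(line)
        if words[:1] == ["edit"]:
            current = {}
        elif words == ["next"] and current is not None:
            policies[" ".join(current.get("name", ["?"]))] = current
            current = None
        elif words[:1] == ["set"] and len(words) > 2 and current is not None:
            current[words[1]] = words[2:]
    return policies

def missing_profiles(policy):
    """List the required profiles a policy does not apply (empty = fully scanned)."""
    if policy.get("utm-status") != ["enable"]:
        return sorted(REQUIRED.values())
    off = {"ssl-ssh-profile": ["no-inspection"]}  # set, but inspects nothing
    return sorted(label for key, label in REQUIRED.items()
                  if not policy.get(key) or policy[key] == off.get(key))
```

For the policies on this page, the expected result is an empty list for Out Underlay Traffic and all five profiles for Out Overlay Traffic; anything else means the policy has drifted from the intended design.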
