
FortiLAN Cloud User Guide

Adding an L3 Firewall Profile

Layer 3 Firewall rules provide granular access control of client traffic in your wireless network. An L3 Firewall profile allows or denies traffic between wireless clients based on the configured source and destination IP addresses/ports and specific protocols. The L3 Firewall profile must be assigned to an SSID profile.

Notes:

  • The maximum number of rules allowed per profile is 64.
  • FortiAP Advanced Management License is required for this feature.

Procedure steps

  1. On the FortiLAN Cloud Home page, select the network in which you want to create the L3 Firewall profile.
  2. In the Menu bar, click Configure.
  3. In the Navigation pane, click L3 Firewall Profile.
  4. Click Add Profile.
  5. Complete the following fields:

    Name

    A unique L3 Firewall Profile name. Valid range is 1 - 32 characters.

    Rule ID

    A unique rule identifier. The L3 Firewall rules are sorted and processed in the ascending order of the rule IDs, that is, starting from the lowest rule ID. The valid range is 1 - 65535 and a rule ID cannot be modified.

    Note: It is recommended to have a buffer between rule IDs to facilitate creating new rule IDs in future.

    Enabled

    Select to enable or disable the rule.

    Comment

    Any remarks/notes specific to the rule. The valid range is 0 – 255 characters.

    IP Version

    Select the IP rule type. You can create IPv4 or IPv6 rules based on your network requirements.

    Policy

    Select the policy action for the rule. Wireless traffic can be allowed or denied based on the configured rule.

    Protocol

    Select the protocol type to apply the rule. The protocol types are defined based on the Internet Assigned Numbers Authority (IANA) categorization. The valid range is 0 – 255.

    Source Address

    Specifies the source IP address to match the rule. You can select Any to specify all networks, Local LAN IP addresses, or Specify an IP address and the optional netmask length with a valid range of 0 – 32.

    Source Port

    Specify the source port to match the rule. This can be a single port, port range, multiple comma-separated ports, or any denoted by a 0. The valid range is 0 – 65535.

    Destination Address

    Specifies the destination IP address to match the rule. You can select Any to specify all networks, Local LAN IP addresses, or Specify an IP address and the optional netmask length with a valid range of 0 – 32.

    Destination Port

    Specify the destination port to match the rule. This can be a single port, port range, multiple comma-separated ports, or any denoted by a 0. The valid range is 0 – 65535.
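
A planned rule set can be checked offline against the limits listed above before it is entered in the GUI. The following Python sketch is an added example, not Fortinet code and not a FortiLAN Cloud API: the dictionary field names and the `any` / `local-lan` keywords are assumptions made for illustration. It returns the validation errors and the rule IDs in ascending order, which is the order in which the rules are processed.

```python
import ipaddress

MAX_RULES = 64  # per-profile limit stated on this page

def check_ports(spec):  # '0' (any), single port, range 'a-b', or comma-separated mix
    errors = []
    for part in str(spec).split(","):
        bounds = [b.strip() for b in part.split("-")]
        if len(bounds) > 2 or not all(b.isdecimal() for b in bounds):
            errors.append(f"bad port spec {part!r}")
        elif int(bounds[-1]) > 65535 or int(bounds[0]) > int(bounds[-1]):
            errors.append(f"port out of range or reversed: {part!r}")
    return errors

def check_address(addr, ip_version):
    if addr in ("any", "local-lan"):  # placeholder keywords for the GUI choices
        return []
    try:  # ipaddress enforces the 0-32 netmask length for IPv4
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return [f"bad address {addr!r}"]
    return [] if net.version == ip_version else [f"{addr!r} is not IPv{ip_version}"]

def validate_profile(name, rules):
    """Return (errors, rule IDs in the order they will be processed)."""
    errors = [] if 1 <= len(name) <= 32 else ["profile name must be 1-32 characters"]
    if len(rules) > MAX_RULES:
        errors.append(f"{len(rules)} rules exceeds the limit of {MAX_RULES}")
    ids = [r["id"] for r in rules]
    if len(set(ids)) != len(ids):
        errors.append("duplicate rule ID")
    for r in rules:
        found = [] if 1 <= r["id"] <= 65535 else ["rule ID outside 1-65535"]
        if not 0 <= r["protocol"] <= 255:
            found.append("protocol outside 0-255")
        if len(r.get("comment", "")) > 255:
            found.append("comment longer than 255 characters")
        found += [e for k in ("src", "dst") for e in check_address(r[k], r["ip_version"])]
        found += [e for k in ("sport", "dport") for e in check_ports(r[k])]
        errors += [f"rule {r['id']}: {e}" for e in found]
    return errors, sorted(ids)

# Constructed sample; field names are illustrative, not a FortiLAN Cloud schema.
SAMPLE = [
    {"id": 10, "ip_version": 4, "protocol": 6, "src": "local-lan",
     "dst": "10.0.5.0/24", "sport": "0", "dport": "80,443,8000-8080"},
    {"id": 20, "ip_version": 4, "protocol": 17, "src": "any",
     "dst": "10.0.5.0/33", "sport": "0", "dport": "70000"},
]
```

Calling `validate_profile("guest-l3", SAMPLE)` reports the invalid netmask length and the out-of-range port in rule 20. The page gives no netmask range for IPv6, so IPv6 prefix lengths are left to the `ipaddress` module.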
