Fortinet Document Library


Administration Guide

Creating Policy Blocks

Policy Blocks are created to store multiple policies. Policy Blocks can be appended to a Policy Package. When creating a Policy Package, the administrator does not need to add one policy at a time. By appending a Policy Block to a Policy Package, the administrator can ensure that all policies in the Policy Block are added to the policy package together.

To create a new Policy Block:
  1. Ensure that you are in the correct ADOM.
  2. Go to Policy & Objects.
  3. Right-click Policy Blocks and click New. The Create New Policy Block window opens.
  4. Configure the following details, then click OK to create the Policy Block.

    Name: Enter a name for the new Policy Block.

    Central NAT: Select the Central NAT check box to enable Central SNAT and Central DNAT policy types.

    NGFW Mode: Select the NGFW mode, Profile-based (default) or Policy-based.

    SSL/SSH Inspection: Select an SSL/SSH inspection type from the dropdown list. This option is only available for version 5.6 and later ADOMs when NGFW Mode is Policy-based.

Adding policies to a Policy Block

Policies can be added to a Policy Block in two ways: create a new policy within the Policy Block, or copy an existing policy from a Policy Package into the Policy Block.

To create a new policy in a Policy Block:
  1. Ensure that you are in the correct ADOM.
  2. Go to Policy & Objects.
  3. Go to Policy Blocks > [Policy_Block_Name] > IPv4 or IPv6.
  4. Click Create New. See IP policies on how to create an IPv4 or IPv6 policy.

To copy a policy into a Policy Block:
  1. Ensure that you are in the correct ADOM.
  2. Go to Policy & Objects.
  3. Click [Policy_Package_Name]. For example, click Default.
  4. Click IPv4 or IPv6.
  5. Select one or more policies.
  6. Right-click and select Copy.
  7. Go to Policy Blocks > [Policy_Block_Name] > IPv4 or IPv6.
  8. Right-click and select Paste.

Once a policy is copied from an existing Policy Package (source) to a Policy Block (destination), it becomes an independent policy with no link to the original policy. Modifying or deleting the original policy will not affect the policy in the Policy Block.
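
Because a copied policy has no link to its original, a later tightening or deletion in the Policy Package does not reach the copy in the Policy Block. The following is an added example, not Fortinet code: it audits copies for that divergence, assuming policies are available as plain records and that a copy keeps the name of its original (both are assumptions; the records are constructed).

```python
# Added example. Records are constructed for illustration; they are not a
# FortiManager export format. Matching copies to originals by name is an assumption.
COMPARED_FIELDS = ("srcaddr", "dstaddr", "service", "action")

def _norm(value):
    # Treat multi-value fields as unordered so ordering is not reported as drift.
    return sorted(value) if isinstance(value, list) else value

def audit_block_copies(package_policies, block_policies, fields=COMPARED_FIELDS):
    """Classify each Policy Block policy against its source in the Policy Package.

    Returns {name: {"status": ..., "diff": {field: (original, copy)}}} where status
    is "in_sync", "drifted" (fields differ) or "orphaned" (original no longer exists).
    """
    originals = {p["name"]: p for p in package_policies}
    findings = {}
    for copy in block_policies:
        original = originals.get(copy["name"])
        if original is None:
            findings[copy["name"]] = {"status": "orphaned", "diff": {}}
            continue
        diff = {
            f: (original.get(f), copy.get(f))
            for f in fields
            if _norm(original.get(f)) != _norm(copy.get(f))
        }
        findings[copy["name"]] = {"status": "drifted" if diff else "in_sync", "diff": diff}
    return findings

# Constructed state: after the copy, "allow-web" was tightened in the package and
# "allow-legacy-ftp" was deleted from it. The Policy Block copies did not follow.
PACKAGE = [
    {"name": "allow-web", "srcaddr": ["branch-lan"], "dstaddr": ["web-servers"],
     "service": ["HTTPS"], "action": "accept"},
    {"name": "allow-dns", "srcaddr": ["branch-lan", "hq-lan"], "dstaddr": ["dns-servers"],
     "service": ["DNS"], "action": "accept"},
]
BLOCK = [
    {"name": "allow-web", "srcaddr": ["branch-lan"], "dstaddr": ["web-servers"],
     "service": ["HTTP", "HTTPS"], "action": "accept"},
    {"name": "allow-dns", "srcaddr": ["hq-lan", "branch-lan"], "dstaddr": ["dns-servers"],
     "service": ["DNS"], "action": "accept"},
    {"name": "allow-legacy-ftp", "srcaddr": ["branch-lan"], "dstaddr": ["file-servers"],
     "service": ["FTP"], "action": "accept"},
]

if __name__ == "__main__":
    for name, finding in audit_block_copies(PACKAGE, BLOCK).items():
        print(name, finding["status"], finding["diff"])
```

A "drifted" or "orphaned" result means the Policy Block still carries the older rule, and every Policy Package the block is appended to will install it.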

Appending a Policy Block to a Policy Package

Once a Policy Block is created, it can be appended to a Policy Package. After you append the Policy Block to a Policy Package, assign installation targets, and install the Policy Package to those targets, all the policies in the Policy Block are installed to the targets.

After a Policy Block is appended to a Policy Package, you can add or remove policies from the Policy Block. You need to append the Policy Block to the Policy Package only once; you do not need to append it again after adding or removing policies from the Policy Block.

To append a Policy Block to a Policy Package:
  1. Ensure that you are in the correct ADOM.
  2. Go to Policy & Objects.
  3. Click [Policy_Package_Name]. For example, click Default.
  4. Select Policy Block > Append Policy Block.
  5. Select the Policy Block from the drop-down and click OK.

Deleting a Policy Block after it is appended to a Policy Package will automatically remove the Policy Block (and the included policies) from the Policy Package.
