Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 6.2.7 Administration Guide
    6.2.7
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Virtual wire pair policy

    Virtual wire pair policy

    The section describes how to create virtual wire pair policies. Before you can create a policy, you must create a virtual wire pair. See Configuring virtual wire pairs.

    You must display the option before you can set it. On the Policy & Objects pane, from the Tools menu, select Display Options, and then select the IPv4 Virtual Wire Pair Policy checkbox to display this option.
    To create a virtual wire pair policy:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Go to Policy & Objects > Policy Packages.
    3. In the tree menu for the policy package in which you will be creating the new policy, select IPv4 Virtual Wire Pair Policy.
    4. Click Create New, or, from the Create New menu, select Insert Above or Insert Below. By default, policies will be added to the bottom of the list. The Create New Policy pane opens.
    5. Enter the following information, then click OK to create the policy:

      Name

      Enter a unique name for the policy. Each policy must have a unique name.

      Virtual Wire Pair Interface

      Select an interface. You can type the name of the interface to search for it in the list.

      Virtual Wire Pair

      Select an arrow to indicate the flow of traffic between ports.

      Source Internet Service

      Turn source internet service on or off, then select services from the Object Selector frame, or drag and drop them from the object pane.

      Source Address

      Select source addresses.

      This option is only available when Source Internet Service is off.

      Source User

      Select source users.

      This option is only available when Source Internet Service is off.

      Source User Group

      Select source user groups.

      This option is only available when Source Internet Service is off.

      Source Device

      Select source devices, device groups, and device categories.

      This option is only available when Source Internet Service is off.

      Internet Service

      Toggle ON to enable Internet service. Toggle OFF to disable Internet service.

      Destination Internet Service

      Turn destination internet service on or off, then select services.

      Destination Address

      Select destination addresses, address groups, virtual IPs, and virtual IP groups.

      This option is available when Destination Internet Service is OFF.

      Service

      Select services and service groups.

      This option is available when Destination Internet Service is OFF.

      Schedule

      Select schedules, one time or recurring, and schedule groups.

      Action

      Select an action for the policy to take: Deny or Accept.

      Log Traffic

      When the Action is DENY, select Log Violation Traffic to log violation traffic.

      When the Action is ACCEPT, select one of the following options:

      • No Log
      • Log Security Events
      • Log All Sessions

      Generate Logs when Session Starts

      Select to generate logs when the session starts.

      Capture Packets

      Select to capture packets.

      This option is available when the Action is ACCEPT and Log Security Events or Log All Sessions is selected

      Security Profiles

      Select to add security profiles or profile groups.

      This option is available when Action is Accept.

      The following profile types can be added:

      • Antivirus Profile
      • Web Filter Profile
      • Application Control
      • IPS Profile
      • Email Filter Profile
      • DLP Sensor
      • VoIP Profile
      • ICAP Profile
      • SSL/SSH Inspection
      • Web Application Firewall
      • DNS Filter
      • Proxy Options
      • Profile Group (available when Use Security Profile Group is selected)

      Shared Shaper

      Select traffic shapers.

      This option is available if the Action is ACCEPT or IPSEC.

      Reverse Shaper

      Select traffic shapers.

      This option is available if the Action is ACCEPT or IPSEC and at least one forward traffic shaper is selected.

      Per-IP Shaper

      Select per IP traffic shapers.

      This option is available if the Action is ACCEPT or IPSEC.

      Description

      Add a description of the policy, such as its purpose, or the changes that have been made to it.

      Advanced Options

      Configure advanced options, see Advanced options.

      For more information on advanced option, see the FortiOS CLI Reference.
    Previous
    Next

    Virtual wire pair policy

    Virtual wire pair policy

    The section describes how to create virtual wire pair policies. Before you can create a policy, you must create a virtual wire pair. See Configuring virtual wire pairs.

    You must display the option before you can set it. On the Policy & Objects pane, from the Tools menu, select Display Options, and then select the IPv4 Virtual Wire Pair Policy checkbox to display this option.
    To create a virtual wire pair policy:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Go to Policy & Objects > Policy Packages.
    3. In the tree menu for the policy package in which you will be creating the new policy, select IPv4 Virtual Wire Pair Policy.
    4. Click Create New, or, from the Create New menu, select Insert Above or Insert Below. By default, policies will be added to the bottom of the list. The Create New Policy pane opens.
    5. Enter the following information, then click OK to create the policy:

      Name

      Enter a unique name for the policy. Each policy must have a unique name.

      Virtual Wire Pair Interface

      Select an interface. You can type the name of the interface to search for it in the list.

      Virtual Wire Pair

      Select an arrow to indicate the flow of traffic between ports.

      Source Internet Service

      Turn source internet service on or off, then select services from the Object Selector frame, or drag and drop them from the object pane.

      Source Address

      Select source addresses.

      This option is only available when Source Internet Service is off.

      Source User

      Select source users.

      This option is only available when Source Internet Service is off.

      Source User Group

      Select source user groups.

      This option is only available when Source Internet Service is off.

      Source Device

      Select source devices, device groups, and device categories.

      This option is only available when Source Internet Service is off.

      Internet Service

      Toggle ON to enable Internet service. Toggle OFF to disable Internet service.

      Destination Internet Service

      Turn destination internet service on or off, then select services.

      Destination Address

      Select destination addresses, address groups, virtual IPs, and virtual IP groups.

      This option is available when Destination Internet Service is OFF.

      Service

      Select services and service groups.

      This option is available when Destination Internet Service is OFF.

      Schedule

      Select schedules, one time or recurring, and schedule groups.

      Action

      Select an action for the policy to take: Deny or Accept.

      Log Traffic

      When the Action is DENY, select Log Violation Traffic to log violation traffic.

      When the Action is ACCEPT, select one of the following options:

      • No Log
      • Log Security Events
      • Log All Sessions

      Generate Logs when Session Starts

      Select to generate logs when the session starts.

      Capture Packets

      Select to capture packets.

      This option is available when the Action is ACCEPT and Log Security Events or Log All Sessions is selected

      Security Profiles

      Select to add security profiles or profile groups.

      This option is available when Action is Accept.

      The following profile types can be added:

      • Antivirus Profile
      • Web Filter Profile
      • Application Control
      • IPS Profile
      • Email Filter Profile
      • DLP Sensor
      • VoIP Profile
      • ICAP Profile
      • SSL/SSH Inspection
      • Web Application Firewall
      • DNS Filter
      • Proxy Options
      • Profile Group (available when Use Security Profile Group is selected)

      Shared Shaper

      Select traffic shapers.

      This option is available if the Action is ACCEPT or IPSEC.

      Reverse Shaper

      Select traffic shapers.

      This option is available if the Action is ACCEPT or IPSEC and at least one forward traffic shaper is selected.

      Per-IP Shaper

      Select per IP traffic shapers.

      This option is available if the Action is ACCEPT or IPSEC.

      Description

      Add a description of the policy, such as its purpose, or the changes that have been made to it.

      Advanced Options

      Configure advanced options, see Advanced options.

      For more information on advanced option, see the FortiOS CLI Reference.
    Previous
    Next