Fortinet black logo

Administration Guide

Create new policy packages

Create new policy packages

To create a new global policy package:
  1. Ensure that you are in the Global ADOM.
  2. Go to Policy & Objects.
  3. From the Policy Package dropdown menu, select New or right-click beneath Policy Packages in the tree menu and select New. The Create New Policy Package window opens.
  4. Enter a name for the new global policy package.
  5. (Optional) Click the In Folder button to select a folder.
  6. (Optional) Select the Central NAT checkbox to enable Central SNAT and Central DNAT policy types.
  7. Click OK to add the policy package.
To create a new policy package:
  1. Ensure that you are in the correct ADOM.
  2. Go to Policy & Objects .
  3. From the Policy Package dropdown menu select New or right-click beneath Policy Packages in the tree menu and select New. The Create New Policy Package window opens.

  4. Configure the following details, then click OK to create the policy package.

    Name

    Enter a name for the new policy package.

    Central NAT

    Select the Central NAT check box to enable Central SNAT and Central DNAT policy types.

    NGFW Mode

    Select the NGFW mode, Profile-based (default) or Policy-based.

    SSL/SSH Inspection

    Select an SSL/SSH inspection type from the dropdown list.

    This option is only available for version 5.6 and later ADOMs when NGFW Mode is Policy-based.

    In Folder

    Optionally, click the In Folder button to select a folder for the package.

    Consolidated Firewall Mode

    Toggle the Consolidated Firewall Mode button to ON to create a consolidated IPv4 and IPv6 policy. By default, the button is turned to OFF.

The Consolidated Firewall Mode option is not available in the Global Database.

After turning the Consolidated Firewall Mode option to ON, and creating a consolidated IPv4 and IPv6 policy, turning the Consolidated Firewall Mode to OFF will make the consolidated IPv4 and IPv6 policy inaccessible. To access the consolidated IPv4 and IPv6 policy, you must keep the Consolidated Firewall Mode option ON.

Create new policy packages

To create a new global policy package:
  1. Ensure that you are in the Global ADOM.
  2. Go to Policy & Objects.
  3. From the Policy Package dropdown menu, select New or right-click beneath Policy Packages in the tree menu and select New. The Create New Policy Package window opens.
  4. Enter a name for the new global policy package.
  5. (Optional) Click the In Folder button to select a folder.
  6. (Optional) Select the Central NAT checkbox to enable Central SNAT and Central DNAT policy types.
  7. Click OK to add the policy package.
To create a new policy package:
  1. Ensure that you are in the correct ADOM.
  2. Go to Policy & Objects .
  3. From the Policy Package dropdown menu select New or right-click beneath Policy Packages in the tree menu and select New. The Create New Policy Package window opens.

  4. Configure the following details, then click OK to create the policy package.

    Name

    Enter a name for the new policy package.

    Central NAT

    Select the Central NAT check box to enable Central SNAT and Central DNAT policy types.

    NGFW Mode

    Select the NGFW mode, Profile-based (default) or Policy-based.

    SSL/SSH Inspection

    Select an SSL/SSH inspection type from the dropdown list.

    This option is only available for version 5.6 and later ADOMs when NGFW Mode is Policy-based.

    In Folder

    Optionally, click the In Folder button to select a folder for the package.

    Consolidated Firewall Mode

    Toggle the Consolidated Firewall Mode button to ON to create a consolidated IPv4 and IPv6 policy. By default, the button is turned to OFF.

The Consolidated Firewall Mode option is not available in the Global Database.

After turning the Consolidated Firewall Mode option to ON, and creating a consolidated IPv4 and IPv6 policy, turning the Consolidated Firewall Mode to OFF will make the consolidated IPv4 and IPv6 policy inaccessible. To access the consolidated IPv4 and IPv6 policy, you must keep the Consolidated Firewall Mode option ON.