Configuring policies

Go to Policy & Objects > Policy > Policy to create and edit policies.

Your service provider can grant write access to your policies. If so, you can add, edit, delete, enable, disable, and reorder policies. If not, FortiPortal displays a warning message and restricts the data in the Policy page to read-only.

Adding a new policy

  1. Right-click a policy in the list and select Create New.
  2. Enter values in the relevant fields and select Save.

Updating a policy

  1. Right-click the policy in the list and select Edit.
  2. Modify the relevant fields and select Save.

Deleting a policy

Right-click the policy in the list and select Delete.

Enabling or disabling a policy

Right-click the policy in the list and select Enable or Disable. A policy in disabled state is marked with a red circle in the Seq.# column.

Policy fields

The Create New Policy/Edit Policy form contains the following fields (see the figure after the table for an example form):

| Settings | Guidelines |
|---|---|
| Name | Type a name for this policy. |
| Groups(s) | Select one or more user groups from the drop-down list that will be controlled by this policy. |
| User(s) | Select one or more users from the drop-down list that will be controlled by this policy. |
| Source Device Type | Select which traffic-sending devices will be controlled by this policy. |
| Source Address | Select to add one or more address objects. |
| Outgoing Interface | Select one or more interfaces from the drop-down list. |
| Destination Address | Select to add one or more address objects. |
| Schedule | Select one entry from the drop-down list. |
| Service | Select one or more services from the drop-down list. |
| Action | Accept or deny. |
| If the action is set to Deny | |
| Log Violation Traffic | Select this check box to create a log for each denied packet. |
| If the action is set to Accept | |
| NAT | If you select this option, network address translation is used. |
| Use Destination Interface Address | Select to use the destination interface address. This setting is enabled by default. Optionally, select Fixed Port. |
| Dynamic IP Pool | If you select this option, specify the IP pool to use. |
| Logging Options | |
| No Log | No log is generated. |
| Log Security Events | Creates a log for each security event. |
| Log All Sessions | Logs all sessions. Requires extensive system resources and storage space. If you select this option, you can optionally select Generate Logs when Session Starts and Capture Packets. |
| Other Options | |
| Enable Web Cache | Enable web caching for this traffic. |
| Enable WAN Optimization | Enable WAN Optimization for this traffic. |
| Enable Disclaimer | Enable Disclaimer for this type of traffic. |
| Redirect URL | Configure the redirect URL of the disclaimer. |
| Resolve User Names Using FSSO Agent | Authenticate user credentials with FortiAuthenticator. |
| Security Profiles | Enable one or more security profiles for this traffic and then select the appropriate profiles to use. |
| Traffic Shaping | Apply traffic shaping to this traffic. The amount of shaping applied depends on the traffic priority that you configure (Guaranteed, High, Medium, Low). |
| Reverse Direction Traffic Shaping | Apply traffic shaping to the traffic coming in the reverse direction. |
| Per-IP Traffic Shaping | Apply the traffic shaping per-IP. |
| Add tags | You can add tags for tag management. Type a tag in the text field and select the add icon to apply the tag to the policy. |
| Comments | Type optional comments for the policy. |

The following figure shows the Create New Policy form:

Moving a policy

Policy move is not supported for FortiManager 5.4.0 or later releases.

To change the order of the policies:

  1. Right-click the policy in the list and select Move.
    The system opens a dialog box showing the policy ID of the selected policy.
  2. Select Before or After.
  3. Enter the target policy ID.

    Enter the ID, NOT the sequence number.

    The system moves the selected policy before or after the target.
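
The difference between a policy ID and its sequence number, as an added example that is not FortiPortal or FortiManager code: a toy model of the Move dialog over a constructed policy list. The function names, policy names and IDs are all assumptions made for illustration.

```python
# Toy model (assumption, not product code): a policy ID is fixed when the
# policy is created; the sequence number is only its current list position.

def seq_table(policies):
    """Return (sequence number, policy ID, name) rows, like the Seq.# column."""
    return [(seq, p["id"], p["name"]) for seq, p in enumerate(policies, start=1)]

def order(policies):
    """Return the policy IDs in their current order."""
    return [p["id"] for p in policies]

def move_policy(policies, policy_id, where, target_id):
    """Move policy_id before/after target_id; both arguments are policy IDs."""
    if where not in ("before", "after"):
        raise ValueError("where must be 'before' or 'after'")
    ids = order(policies)
    if policy_id not in ids or target_id not in ids:
        raise ValueError("unknown policy ID")
    if policy_id == target_id:
        raise ValueError("cannot move a policy relative to itself")
    moving = policies[ids.index(policy_id)]
    rest = [p for p in policies if p["id"] != policy_id]
    pos = order(rest).index(target_id) + (1 if where == "after" else 0)
    return rest[:pos] + [moving] + rest[pos:]

# Constructed sample list: IDs do not match the current positions.
POLICIES = [
    {"id": 7, "name": "allow-dns"},   # sequence 1
    {"id": 3, "name": "allow-web"},   # sequence 2
    {"id": 9, "name": "deny-guest"},  # sequence 3
    {"id": 2, "name": "deny-all"},    # sequence 4
]

if __name__ == "__main__":
    # Goal: place allow-dns (ID 7) after deny-guest (ID 9, sequence 3).
    print("by ID 9:      ", order(move_policy(POLICIES, 7, "after", 9)))
    # Mistake: typing the sequence number 3 selects policy ID 3 (allow-web).
    print("by sequence 3:", order(move_policy(POLICIES, 7, "after", 3)))
```

Typing the sequence number here raises no error because a policy with that ID also exists, so the list ends up in an unintended order; checking the resulting order after a move catches this.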

Re-installing the policy

After you add or change a policy, select Installation to view the installation targets. Right-click a target and select Re-install to re-install the policy packages to the assigned devices.

For additional information about policy types, refer to the chapter on Policy and Objects in the FortiManager Administrative Guide.
