Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiPortal 5.3.6 User Guide
    5.3.6
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0

    Configuring policies

    Configuring policies

    Go to Policy & Objects > Policy > Policy to create and edit policies.

    Your service provider can grant write access to your policies. If so, you are enabled to add/edit/delete, enable/disable, and change the order of the policies. If not, FortiPortal displays a warning message and restricts the data in the Policy page to read-only.

    Adding a new policy

    1. Right-click a policy in the list and select Create New.
    2. Enter values in the relevant fields and select Save.

    Updating a policy

    1. Right-click the policy in the list and select Edit.
    2. Modify the relevant fields and select Save.

    Deleting a policy

    Right-click the policy in the list and select Delete.

    Enabling or disabling a policy

    Right-click the policy in the list and select Enable or Disable. A policy in disabled state is marked with a red circle in the Seq.# column.

    Policy fields

    The Create New Policy/Edit Policy form contains the following fields (see the figure after the table for an example form):

    Settings

    Guidelines

    Name

    Type a name for this policy.

    Groups(s)

    Select one or more user groups from the drop-down list that will be controlled by this policy.

    User(s)

    Select one or more users from the drop-down list that will be controlled by this policy.

    Source Device Type

    Select which traffic-sending devices that will be controlled by this policy.

    Source Address

    Select to add one or more address objects.

    Outgoing Interface

    Select one or more interfaces from the drop-down list.

    Destination Address

    Select to add one or more address objects.

    Schedule

    Select one entry from the drop-down list.

    Service

    Select one or more services from the drop-down list.

    Action

    Accept or deny.

    If the action is set to Deny

    Log Violation Traffic

    Select this check box to create a log for each denied packet.

    If the action is set to Accept

    NAT

    If you select this option, network address translation is used.

    Use Destination Interface Address

    Select to use the destination interface address. This setting is enabled by default. Optionally, select Fixed Port.

    Dynamic IP Pool

    If you select this option, specify the IP pool to use.

    Logging Options

    Logging Options

    No Log

    No log is generated.

    Log Security Events

    Creates a log for each security event.

    Log All Sessions

    Logs all sessions. Requires extensive system resources and storage space. If you select this option, you can optionally select Generate Logs when Session Starts and Capture Packets.

    Other Options

    Enable Web Cache

    Enable web caching for this traffic.

    Enable WAN Optimization

    Enable WAN Optimization for this traffic.

    Enable Disclaimer

    Enable Disclaimer for this type of traffic.

    Redirect URL

    Configure the redirect URL of the disclaimer.

    Resolve User Names Using FSSO Agent

    Authenticate user credentials with FortiAuthenticator.

    Security Profiles

    Enable one or more security profiles for this traffic and then select the appropriate profiles to use.

    Traffic Shaping

    Apply traffic shaping to this traffic. The amount of shaping applied depends on the traffic priority that you configure (Guaranteed, High, Medium, Low).

    Reverse Direction Traffic Shaping

    Apply traffic shaping to the traffic coming in the reverse direction.

    Per-IP Traffic Shaping

    Apply the traffic shaping per-IP.

    Add tags

    You can add tags for tag management. Type a tag in the text field and select the add icon to apply the tag to the policy.

    Comments

    Type optional comments for the policy.

    The following figure shows the Create New Policy form:

    Moving a policy

    Policy move is not supported for FortiManager 5.4.0 or later release.
    To change the order of the policies:
    1. Right-click the policy in the list and select Move.
      The system opens a dialog box, showing the policy ID of the selected policy.
    2. Select the option of Before or After.
    3. Enter the target Policy ID.

      Enter the ID, NOT the sequence number.

      The system moves the selected policy to before/after the target.

    Re-installing the policy

    After you add or change a policy, select Installation to view the installation targets. Right-click a target and select Re-install to re-install the policy packages to the assigned devices.

    For additional information about policy types, refer to the chapter on Policy and Objects in the FortiManager Administrative Guide.

    Previous
    Next

    Configuring policies

    Configuring policies

    Go to Policy & Objects > Policy > Policy to create and edit policies.

    Your service provider can grant write access to your policies. If so, you are enabled to add/edit/delete, enable/disable, and change the order of the policies. If not, FortiPortal displays a warning message and restricts the data in the Policy page to read-only.

    Adding a new policy

    1. Right-click a policy in the list and select Create New.
    2. Enter values in the relevant fields and select Save.

    Updating a policy

    1. Right-click the policy in the list and select Edit.
    2. Modify the relevant fields and select Save.

    Deleting a policy

    Right-click the policy in the list and select Delete.

    Enabling or disabling a policy

    Right-click the policy in the list and select Enable or Disable. A policy in disabled state is marked with a red circle in the Seq.# column.

    Policy fields

    The Create New Policy/Edit Policy form contains the following fields (see the figure after the table for an example form):

    Settings

    Guidelines

    Name

    Type a name for this policy.

    Groups(s)

    Select one or more user groups from the drop-down list that will be controlled by this policy.

    User(s)

    Select one or more users from the drop-down list that will be controlled by this policy.

    Source Device Type

    Select which traffic-sending devices that will be controlled by this policy.

    Source Address

    Select to add one or more address objects.

    Outgoing Interface

    Select one or more interfaces from the drop-down list.

    Destination Address

    Select to add one or more address objects.

    Schedule

    Select one entry from the drop-down list.

    Service

    Select one or more services from the drop-down list.

    Action

    Accept or deny.

    If the action is set to Deny

    Log Violation Traffic

    Select this check box to create a log for each denied packet.

    If the action is set to Accept

    NAT

    If you select this option, network address translation is used.

    Use Destination Interface Address

    Select to use the destination interface address. This setting is enabled by default. Optionally, select Fixed Port.

    Dynamic IP Pool

    If you select this option, specify the IP pool to use.

    Logging Options

    Logging Options

    No Log

    No log is generated.

    Log Security Events

    Creates a log for each security event.

    Log All Sessions

    Logs all sessions. Requires extensive system resources and storage space. If you select this option, you can optionally select Generate Logs when Session Starts and Capture Packets.

    Other Options

    Enable Web Cache

    Enable web caching for this traffic.

    Enable WAN Optimization

    Enable WAN Optimization for this traffic.

    Enable Disclaimer

    Enable Disclaimer for this type of traffic.

    Redirect URL

    Configure the redirect URL of the disclaimer.

    Resolve User Names Using FSSO Agent

    Authenticate user credentials with FortiAuthenticator.

    Security Profiles

    Enable one or more security profiles for this traffic and then select the appropriate profiles to use.

    Traffic Shaping

    Apply traffic shaping to this traffic. The amount of shaping applied depends on the traffic priority that you configure (Guaranteed, High, Medium, Low).

    Reverse Direction Traffic Shaping

    Apply traffic shaping to the traffic coming in the reverse direction.

    Per-IP Traffic Shaping

    Apply the traffic shaping per-IP.

    Add tags

    You can add tags for tag management. Type a tag in the text field and select the add icon to apply the tag to the policy.

    Comments

    Type optional comments for the policy.

    The following figure shows the Create New Policy form:

    Moving a policy

    Policy move is not supported for FortiManager 5.4.0 or later release.
    To change the order of the policies:
    1. Right-click the policy in the list and select Move.
      The system opens a dialog box, showing the policy ID of the selected policy.
    2. Select the option of Before or After.
    3. Enter the target Policy ID.

      Enter the ID, NOT the sequence number.

      The system moves the selected policy to before/after the target.

    Re-installing the policy

    After you add or change a policy, select Installation to view the installation targets. Right-click a target and select Re-install to re-install the policy packages to the assigned devices.

    For additional information about policy types, refer to the chapter on Policy and Objects in the FortiManager Administrative Guide.

    Previous
    Next