Configuring a firewall policy
Firewall policies are sets of instructions that control the traffic flow going through a firewall device. These instructions control where the traffic goes, how it is processed, if it is processed, and even whether or not it is allowed to pass through the firewall.
To create or edit a firewall policy:
- Go to Policy.
- With the appropriate device selected, select Firewall Policy in the Policy type dropdown list.
- Click Create or select a policy and click Edit.
- In the form, enter the following information:

| Settings | Guidelines |
| --- | --- |
| Name | Enter a name for the policy. |
| Incoming Interface | Select the incoming interfaces. |
| Outgoing Interface | Select the outgoing interfaces. |
| Source Internet Service | Enable or disable the source internet service, then select services. |
| IPv4 Source Address | Select the IPv4 source addresses. This option is only available when Source Internet Service is disabled. |
| IPv6 Source Address | Select the IPv6 source addresses. This option is only available when Source Internet Service is disabled. |
| Source User | Select source users. |
| Source User Group | Select source user groups. |
| FSSO Groups | Select the FSSO groups added via Fortinet Single Sign-On. |
| Destination Internet Service | Enable or disable the destination internet service, then select services. |
| IPv4 Destination Address | Select to add one or more address objects. This option is only available when Destination Internet Service is disabled. |
| IPv6 Destination Address | Select to add one or more address objects. This option is only available when Destination Internet Service is disabled. |
| Service | Select services and service groups. This option is only available when Destination Internet Service is disabled. |
| Schedule | Select one entry from the dropdown. |
| Action | Select whether to Deny or Accept matching traffic. |
| Accept Options | |
| Inspection Mode | Select the appropriate traffic inspection mode. |
| Firewall/Network Options | Enable or disable NAT and select the appropriate protocol options. |
| Security Profiles Options | Enable or disable security profiles and select the appropriate profiles. Select the SSL/SSH inspection profile to use for this policy. |
| Traffic Shaping Options | Select traffic shaping options for Shared Shaper, Reverse Shaper, and Per-IP Shaper. |
| Disclaimer Options | |
| Display Disclaimer | Enable or disable disclaimer for this type of traffic. |
| Customize Message | From the dropdown, select a customized message. This option is only available if Display Disclaimer is enabled. |
| Logging Options | |
| Log Violation Traffic | Enable to create a log for each denied packet. |
| Capture Packets | Enable or disable packet capture in logs. |
| Generate Logs when Session Starts | Enable to generate logs when the session starts. |
| Advanced | |
| WCCP | Enable Web Cache Communication Protocol (WCCP). |
| Exempt from Captive Portal | Select to exempt from the captive portal. |
| Comments | Optionally, enter a comment for the policy. |

- Click Save.
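
Several settings in the form are only available depending on another setting, so a planned policy can be checked against those rules before it is entered. The following is an added example, not code from the product or its documentation; the dictionary keys and the sample values are hypothetical names that mirror the form labels.

```python
# Added example; keys are hypothetical names mirroring the form labels.
ACTIONS = {"Accept", "Deny"}

# Toggle -> fields the form makes unavailable while that toggle is enabled.
HIDDEN_WHEN_ENABLED = {
    "source_internet_service": ("ipv4_source_address", "ipv6_source_address"),
    "destination_internet_service": (
        "ipv4_destination_address", "ipv6_destination_address", "service"),
}


def check_policy(policy):
    """Return a list of conflicts between a policy dict and the form's rules."""
    problems = []
    if policy.get("action") not in ACTIONS:
        problems.append("action: must be Accept or Deny")
    if isinstance(policy.get("schedule"), (list, tuple, set)):
        problems.append("schedule: only one entry can be selected")
    for toggle, hidden in HIDDEN_WHEN_ENABLED.items():
        setting = policy.get(toggle) or {}
        if not setting.get("enabled"):
            continue
        if not setting.get("services"):
            problems.append(f"{toggle}: enabled but no services selected")
        for field in hidden:
            if policy.get(field):
                problems.append(f"{field}: not available while {toggle} is enabled")
    if policy.get("customize_message") and not policy.get("display_disclaimer"):
        problems.append("customize_message: requires display_disclaimer enabled")
    return problems


# Constructed sample input, not taken from a real device.
SAMPLE = {
    "name": "branch-to-web",
    "action": "Accept",
    "schedule": "always",
    "source_internet_service": {"enabled": False},
    "ipv4_source_address": ["branch-lan"],
    "destination_internet_service": {"enabled": True, "services": ["Example-Web"]},
    "ipv4_destination_address": ["all"],
    "service": ["HTTPS"],
    "display_disclaimer": False,
    "customize_message": "guest-notice",
}

if __name__ == "__main__":
    for problem in check_policy(SAMPLE):
        print(problem)
```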