By default, the users on your internal network can connect through the FortiGate unit
to the Internet. The firewall blocks all other connections. The firewall is configured with
a default policy that matches any connection request received from the internal
network and instructs the firewall to forward the connection to the Internet.

The default policy also applies virus scanning to all HTTP, FTP, SMTP, POP3, and
IMAP traffic matched by the policy. The policy applies virus scanning because the
Antivirus & Web Filter option is selected and the Content profile is set to Scan. For
more information about content profiles, see

“Content profiles” on page 218

Figure 39: Default firewall policy

•

•

•

•

•

•

•