beautypg.com

Firewall configuration – Fortinet FortiGate 50A User Manual

Page 137

background image

FortiGate-50A Installation and Configuration Guide Version 2.50

FortiGate-50A Installation and Configuration Guide

137

Firewall configuration

Firewall policies control all traffic passing through the FortiGate unit. Firewall policies
are instructions that the FortiGate unit uses to decide what to do with a connection
request. When the firewall receives a connection request in the form of a packet, it
analyzes the packet to extract its source address, destination address, and service
(port number).

For the packet to be connected through the FortiGate unit, a firewall policy must be in
place that matches the source address, destination address, and service of the
packet. The policy directs the firewall action on the packet. The action can be to allow
the connection, deny the connection, require authentication before the connection is
allowed, or process the packet as an IPSec VPN packet. You can also add schedules
to policies so that the firewall can process connections differently depending on the
time of day or the day of the week, month, or year.

Each policy can be individually configured to route connections or apply network
address translation (NAT) to translate source and destination IP addresses and ports.
You can add IP pools to use dynamic NAT when the firewall translates source
addresses. You can use policies to configure port address translation (PAT) through
the FortiGate.

You can add content profiles to policies to apply antivirus protection, web filtering, and
email filtering to web, file transfer, and email services. You can create content profiles
that perform one or any combination of the following actions:

• Apply antivirus protection to HTTP, FTP, SMTP, IMAP, or POP3 services.
• Apply web filtering to HTTP services.
• Apply email filtering to IMAP and POP3 services.

You can also add logging to a firewall policy so that the FortiGate unit logs all
connections that use this policy.