Firewall policies control connections between interfaces. By default, the users on your
internal network can connect through the FortiGate unit to the Internet. The firewall
blocks all other connections.

The firewall is configured with a default policy that matches any connection request
received from the internal network and instructs the firewall to forward the connection
to the Internet.

The default policy also applies virus scanning to all HTTP, FTP, SMTP, POP3, and
IMAP traffic matched by the policy. The policy applies virus scanning because the
Antivirus & Web Filter option is selected and the Content profile is set to Scan. For
more information about content profiles, see

“Content profiles” on page 166

Figure 4: Default firewall policy

•

•

•

•

Addresses

Add policies to control connections between FortiGate interfaces and between the
networks connected to these interfaces. To add policies between interfaces, the
interfaces must include addresses. By default the FortiGate unit is configured with two
firewall addresses:

• Internal_All, added to the internal interface, this address matches all addresses on

the internal network.

• External_All, added to the external interface, this address matches all addresses

on the external network.