Create FortiGate Firewall Policy

The FortiGate firewall policy monitors outbound traffic and blocks malicious files through the IPS Sensor.

The policy created here is an "outbound" policy that controls what goes from the FortiGate to the public internet.

  1. Log in to FortiGate and go to Policy & Objects > Firewall Policy.
  2. Click +Create New to create a new firewall policy.
  3. Give the policy a name, for example, outbound.
  4. Click the Incoming Interface drop-down menu and select port2.
  5. Click the Outgoing Interface drop-down menu and select port1.
  6. In Source, expand by clicking + and select "all".
  7. In Destination, expand by clicking + and select "all".
  8. In Service, expand by clicking + and select "ALL".
  9. In Inspection Mode, select Proxy-based.
  10. Go to Firewall/Network Options > Preserve Source Port and click the toggle switch to turn it on.
  11. In Security Profiles > IPS, turn on IPS, then click the drop-down menu and select the IPS Sensor you created.
  12. In Security Profiles > SSL Inspections, click the drop-down menu and select deep test or an SSL Inspection you have previously set up.
  13. In Logging Options > Log Allowed Traffic, select All Sessions.
  14. Turn on Logging Options > Generate Logs when Session Starts.
  15. Turn on Logging Options > Capture Packets.
  16. Click OK to finish.
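
To verify the result of the steps above, the following check (an added example, not part of the Fortinet documentation) parses a `config firewall policy` block as printed by the FortiOS CLI and lists the settings from the procedure that are missing or different. The CLI key names are the FortiOS equivalents of the GUI fields; the sample configuration and the `EXAMPLE-` profile names are constructed, and a key absent from the output is treated as not set.

```python
import shlex

# FortiOS CLI keys for the GUI steps above; None = any value (name not fixed by the page).
EXPECTED = {
    "srcintf": "port2", "dstintf": "port1",
    "srcaddr": "all", "dstaddr": "all", "service": "ALL",
    "inspection-mode": "proxy",
    "fixedport": "enable",         # Preserve Source Port
    "ips-sensor": None,
    "ssl-ssh-profile": None,
    "logtraffic": "all",           # Log Allowed Traffic > All Sessions
    "logtraffic-start": "enable",  # Generate Logs when Session Starts
    "capture-packet": "enable",    # Capture Packets
}

def parse_policies(text):
    """Return {policy_id: {key: value}} from a 'config firewall policy' block."""
    policies, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["edit"] and len(tok) > 1:
            current = policies.setdefault(tok[1], {})
        elif tok[:1] == ["next"]:
            current = None
        elif tok[:1] == ["set"] and current is not None and len(tok) >= 3:
            current[tok[1]] = " ".join(tok[2:])
    return policies

def audit(policy):
    """Return the keys whose value differs from the procedure (absent = not set)."""
    return [key for key, want in EXPECTED.items()
            if policy.get(key) is None or (want is not None and policy[key] != want)]

# Constructed sample: policy 1 follows every step, policy 2 has drifted.
COMMON = ('set srcintf "port2"\nset dstintf "port1"\nset srcaddr "all"\n'
          'set dstaddr "all"\nset service "ALL"\nset inspection-mode proxy\n'
          'set ips-sensor "EXAMPLE-ips-sensor"\n'
          'set ssl-ssh-profile "EXAMPLE-ssl-profile"\n')
SAMPLE = ('config firewall policy\nedit 1\nset name "outbound"\n' + COMMON +
          'set fixedport enable\nset logtraffic all\nset logtraffic-start enable\n'
          'set capture-packet enable\nnext\n'
          'edit 2\nset name "outbound-drifted"\n' + COMMON +
          'set logtraffic utm\nnext\nend\n')

if __name__ == "__main__":
    for pid, pol in parse_policies(SAMPLE).items():
        print(pid, pol.get("name"), audit(pol) or "matches the procedure")
```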
