Configuring policies
Go to Policy to create and edit policies.
Your service provider can grant write access to your policies. If so, you are enabled to create/edit/delete, enable/disable, and change the order of the policies. If not, FortiPortal displays a warning message and restricts the data in the Policy page to read-only. |
Adding a new firewall policy
- Go to Policy.
- Select a policy package where this policy is created and Firewall Policy in Policy type.
- Select Create to create a new policy.
The Create Firewall Policy window opens.
- In the Create Firewall Policy window, enter the following information:
Settings
Guidelines
Name
Name for the policy.
Incoming Interface
From the dropdown, select one or more incoming interfaces.
Outgoing Interface
From the dropdown, select one or more outgoing interfaces.
Source Internet Service
Enable/disable the source internet service, then select services.
This option is only available for IPv4 policies.
IPv4 Source Address
Select the IPv4 source addresses.
This option is only available when Source Internet Service is disabled.
Source User
Select source users.
Source User Group
Select source user groups.
FSSO Groups
Select the FSSO groups added via Fortinet Single Sign-On.
Destination Internet Service
Enable/disable the destination internet service, then select services.
This option is only available for IPv4 policies.
IPv4 Destination Address
Select to add one or more address objects.
This option is only available when Destination Internet Service is disabled.
Service
Select services and service groups.
This option is only available when Destination Internet Service is disabled.
Schedule
Select one entry from the dropdown.
Action
Accept or deny.
Disclaimer Options
Display Disclaimer
Enable disclaimer for this type of traffic.
Customize Message
From the dropdown, select a customized message.
This option is only available if Display Disclaimer is enabled.
Logging Options
Log Violation Traffic
Enable to create a log for each denied packet.
Generate Logs when Session Starts
Enable to generate logs when the session starts.
Advanced
WCCP
Enable Web Cache Communication Protocol (WCCP).
Exempt from Captive Portal
Select to exempt from the captive portal.
Comments
Optionally, enter a comment for the policy.
- Click Save.
Updating a policy
To update a policy:
- Select a policy and then select Edit.
- Modify the relevant fields and select Save.
Deleting a policy
To delete a policy:
- Select policies in the list and then select Delete.
Re-installing the policy
To reinstall the policy:
- After you create or edit a policy, select Install to view the installation targets.
- Select the device and then select Install to install the policy packages to the assigned device.