Fortinet black logo

User Guide

Home FortiPortal 7.0.1 User Guide
7.0.1
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.3.8
5.3.7
5.3.6
5.3.5
5.3.4
5.3.3
5.3.2
5.3.0
5.2.0
4.1.0

Types of objects

Types of objects

The page displays the following object categories:

Firewall Objects

Firewall objects are components of the firewall that go together like interlocking building blocks. Firewall objects can be configured once and then reused. They assist in making the administration of the firewall unit easier and more intuitive.

Firewall objects include address, schedule, service and virtual IP.

Address

You can specify an address as a country, an FQDN or as an IP subnet and mask. The address can apply to all interfaces, or you can configure a specific interface.

You can also create an address groups, which defines a group of related addresses.

Address firewall objects list looks like the following:

Schedule

You can specify a set of days and time ranges with recurring or one-time schedules.

Schedule firewall objects list looks like the following:

Service

Although numerous services are already configured, the system allows for administrators to configure their own.

The service object specifies the protocol and any additional information required to identify the service (which depends on the protocol):

  • IP—IP protocol number
  • TCP/UDP/SCTP—address and destination port range
  • ICMP—type and code

Service firewall objects list looks like the following:

Virtual IP

The Virtual IP objects map external IP addresses to internal addresses.

FortiPortal supports the following Virtual IP object types:

  • Virtual IP—uses static NAT to map a range of external addresses to an internal address range
  • Virtual IP Group—defines a group of one or more Virtual IPs, for ease of administration
  • IP Pool—defines an IP address or range of IP addresses to use as the source address (rather than the IP address of the interface)

Security Profiles

Security features protecting the network from threats are together known as security profiles.

The following security profiles are supported on FortiPortal:

  • Antivirus Profile

  • Intrusion Prevention Profile

  • Local Category

  • Web Rating Overrides

  • Web Filter Profile

  • Application Control

Antivirus Profile

Use the Antivirus profile to detect and identify viruses.

Antivirus security profiles list looks like the following:

Intrusion Prevention Profile

Use intrusion prevention profiles to protect your network against hacking and attempts to exploit vulnerabilities.

Intrusion prevention profiles list looks like the following:

Local Category (security profile introduced with FortiPortal 1.2.0)

You can create a local category and then use Rating Override to assign URLs to the new category.

Web Rating Overrides (security profile introduced with FortiPortal 1.2.0)

Use a Web Rating Override object to override the rating for a URL.

Web Filter Profile

Set up a web filter profile to protect or limit user activity on the web.

The web filter security profiles list looks like the following:

Application Control

Use application control to detect network traffic and control application communication.

The application control security profiles list looks like the following:

User & Device

Security policies may allow access to specified users and user groups only.

User

A user is a user account consisting of username, password, and in some cases other information, configured on the firewall unit or on an external authentication server. Users can access resources that require authentication only if they are members of an allowed user group.

You can create local users (accounts stored on the firewall unit), see Configuring a user.

Two-factor authentication

Two-factor authentication methods, including FortiToken, provide additional security.

User Group

A user group is a list of user identities. To add or edit a user group, see Configuring a user group.

After you set the group type and add members, you cannot change the group type without removing its members. If you change the type, members will be removed automatically.
Previous
Next

Types of objects

The page displays the following object categories:

Firewall Objects

Firewall objects are components of the firewall that go together like interlocking building blocks. Firewall objects can be configured once and then reused. They assist in making the administration of the firewall unit easier and more intuitive.

Firewall objects include address, schedule, service and virtual IP.

Address

You can specify an address as a country, an FQDN or as an IP subnet and mask. The address can apply to all interfaces, or you can configure a specific interface.

You can also create an address groups, which defines a group of related addresses.

Address firewall objects list looks like the following:

Schedule

You can specify a set of days and time ranges with recurring or one-time schedules.

Schedule firewall objects list looks like the following:

Service

Although numerous services are already configured, the system allows for administrators to configure their own.

The service object specifies the protocol and any additional information required to identify the service (which depends on the protocol):

  • IP—IP protocol number
  • TCP/UDP/SCTP—address and destination port range
  • ICMP—type and code

Service firewall objects list looks like the following:

Virtual IP

The Virtual IP objects map external IP addresses to internal addresses.

FortiPortal supports the following Virtual IP object types:

  • Virtual IP—uses static NAT to map a range of external addresses to an internal address range
  • Virtual IP Group—defines a group of one or more Virtual IPs, for ease of administration
  • IP Pool—defines an IP address or range of IP addresses to use as the source address (rather than the IP address of the interface)

Security Profiles

Security features protecting the network from threats are together known as security profiles.

The following security profiles are supported on FortiPortal:

  • Antivirus Profile

  • Intrusion Prevention Profile

  • Local Category

  • Web Rating Overrides

  • Web Filter Profile

  • Application Control

Antivirus Profile

Use the Antivirus profile to detect and identify viruses.

Antivirus security profiles list looks like the following:

Intrusion Prevention Profile

Use intrusion prevention profiles to protect your network against hacking and attempts to exploit vulnerabilities.

Intrusion prevention profiles list looks like the following:

Local Category (security profile introduced with FortiPortal 1.2.0)

You can create a local category and then use Rating Override to assign URLs to the new category.

Web Rating Overrides (security profile introduced with FortiPortal 1.2.0)

Use a Web Rating Override object to override the rating for a URL.

Web Filter Profile

Set up a web filter profile to protect or limit user activity on the web.

The web filter security profiles list looks like the following:

Application Control

Use application control to detect network traffic and control application communication.

The application control security profiles list looks like the following:

User & Device

Security policies may allow access to specified users and user groups only.

User

A user is a user account consisting of username, password, and in some cases other information, configured on the firewall unit or on an external authentication server. Users can access resources that require authentication only if they are members of an allowed user group.

You can create local users (accounts stored on the firewall unit), see Configuring a user.

Two-factor authentication

Two-factor authentication methods, including FortiToken, provide additional security.

User Group

A user group is a list of user identities. To add or edit a user group, see Configuring a user group.

After you set the group type and add members, you cannot change the group type without removing its members. If you change the type, members will be removed automatically.
Previous
Next