Fortinet black logo

User Guide

Home FortiPortal 7.2.2 User Guide
7.2.2
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.3.8
5.3.7
5.3.6
5.3.5
5.3.4
5.3.3
5.3.2
5.3.0
5.2.0
4.1.0

Types of objects

Types of objects

The page displays the following object categories:

Firewall Objects

Firewall objects are components used to assemble firewall security policies that can be configured once and then reused.

Address

You can specify an address as a country, FQDN, or an IP subnet and mask. The address can apply to all interfaces or you can configure a specific interface.

You can also create address groups, which define a group of related addresses.

Proxy address

Specify proxy addresses using one of several strategies for URL matching.

Authentication Scheme

Define authentication schemes for use in policies.

Schedule

You can specify a set of days and time ranges with recurring or one-time schedules.

Service

Although numerous services are already configured, the system allows for administrators to configure their own.

The service object specifies the protocol and any additional information required to identify the service (which depends on the protocol):

  • IP: IP protocol number.
  • TCP/UDP/SCTP: Address and destination port range.
  • ICMP: Type and code.

You can also create a service group, which defines a group of related services.

Virtual IP

The Virtual IP objects map external IP addresses to internal addresses.

FortiPortal supports the following Virtual IP object types:

  • Virtual IP: Uses static NAT to map a range of external addresses to an internal address range.
  • Virtual IP Group: A group of one or more Virtual IPs, for ease of administration
  • IP Pool: An IP address or range of IP addresses to use as the source address (rather than the IP address of the interface)
IP Pool

Define IP pool allocation rules for NAT.

Security Profiles

Security features protecting the network from threats are together known as security profiles.

The following security profiles are supported on FortiPortal:

  • Antivirus Profile

  • Intrusion Prevention Profile

  • Local Category

  • Web Rating Overrides

  • Web Filter Profile

  • Application Control

  • File Filter Profile

  • Video Filter

  • SSL/SSH Inspection

  • Profile Group

Antivirus Profile

Use the Antivirus profile to detect and identify viruses.

Intrusion Prevention Profile

Use intrusion prevention profiles to protect your network against hacking and attempts to exploit vulnerabilities.

Local Category

You can create a local category and then use Rating Override to assign URLs to the new category.

Web Rating Overrides

Use a Web Rating Override object to override the rating for a URL.

Web Filter Profile

Set up a web filter profile to protect or limit user activity on the web.

Application Control

Use application control to detect network traffic and control application communication.

File Filter Profile

Use file filters to perform file type inspection.

Video Filter

Use the video filter to filter YouTube videos by category or channel.

SSL/SSH Inspection

Use the SSL/SSH iinspection profile to perform deep inspection on encrypted traffic.

Profile Group

Use a profile group to collect previously configured security profiles into one object that can be used in policies.

User & Device

Security policies may allow access to specified users and user groups only.

User

A user is a user account consisting of username, password, and in some cases other information, configured on the firewall unit or on an external authentication server. Users can access resources that require authentication only if they are members of an allowed user group.

You can create local users (accounts stored on the firewall unit), see Configuring a user.

Two-factor authentication

Two-factor authentication methods, including FortiToken, provide additional security.

User Group

A user group is a list of user identities. To add or edit a user group, see Configuring a user group.

After you set the group type and add members, you cannot change the group type without removing its members. If you change the type, members will be removed automatically.
LDAP server

Add external LDAP servers that can be used in firewall policies.

Previous
Next

Types of objects

The page displays the following object categories:

Firewall Objects

Firewall objects are components used to assemble firewall security policies that can be configured once and then reused.

Address

You can specify an address as a country, FQDN, or an IP subnet and mask. The address can apply to all interfaces or you can configure a specific interface.

You can also create address groups, which define a group of related addresses.

Proxy address

Specify proxy addresses using one of several strategies for URL matching.

Authentication Scheme

Define authentication schemes for use in policies.

Schedule

You can specify a set of days and time ranges with recurring or one-time schedules.

Service

Although numerous services are already configured, the system allows for administrators to configure their own.

The service object specifies the protocol and any additional information required to identify the service (which depends on the protocol):

  • IP: IP protocol number.
  • TCP/UDP/SCTP: Address and destination port range.
  • ICMP: Type and code.

You can also create a service group, which defines a group of related services.

Virtual IP

The Virtual IP objects map external IP addresses to internal addresses.

FortiPortal supports the following Virtual IP object types:

  • Virtual IP: Uses static NAT to map a range of external addresses to an internal address range.
  • Virtual IP Group: A group of one or more Virtual IPs, for ease of administration
  • IP Pool: An IP address or range of IP addresses to use as the source address (rather than the IP address of the interface)
IP Pool

Define IP pool allocation rules for NAT.

Security Profiles

Security features protecting the network from threats are together known as security profiles.

The following security profiles are supported on FortiPortal:

  • Antivirus Profile

  • Intrusion Prevention Profile

  • Local Category

  • Web Rating Overrides

  • Web Filter Profile

  • Application Control

  • File Filter Profile

  • Video Filter

  • SSL/SSH Inspection

  • Profile Group

Antivirus Profile

Use the Antivirus profile to detect and identify viruses.

Intrusion Prevention Profile

Use intrusion prevention profiles to protect your network against hacking and attempts to exploit vulnerabilities.

Local Category

You can create a local category and then use Rating Override to assign URLs to the new category.

Web Rating Overrides

Use a Web Rating Override object to override the rating for a URL.

Web Filter Profile

Set up a web filter profile to protect or limit user activity on the web.

Application Control

Use application control to detect network traffic and control application communication.

File Filter Profile

Use file filters to perform file type inspection.

Video Filter

Use the video filter to filter YouTube videos by category or channel.

SSL/SSH Inspection

Use the SSL/SSH iinspection profile to perform deep inspection on encrypted traffic.

Profile Group

Use a profile group to collect previously configured security profiles into one object that can be used in policies.

User & Device

Security policies may allow access to specified users and user groups only.

User

A user is a user account consisting of username, password, and in some cases other information, configured on the firewall unit or on an external authentication server. Users can access resources that require authentication only if they are members of an allowed user group.

You can create local users (accounts stored on the firewall unit), see Configuring a user.

Two-factor authentication

Two-factor authentication methods, including FortiToken, provide additional security.

User Group

A user group is a list of user identities. To add or edit a user group, see Configuring a user group.

After you set the group type and add members, you cannot change the group type without removing its members. If you change the type, members will be removed automatically.
LDAP server

Add external LDAP servers that can be used in firewall policies.

Previous
Next