Types of objects
The page displays the following object categories:
Firewall Objects
Firewall objects are components used to assemble firewall security policies that can be configured once and then reused.
Address
You can specify an address as a country, FQDN, or an IP subnet and mask. The address can apply to all interfaces or you can configure a specific interface.
You can also create address groups, which define a group of related addresses.
Proxy address
Specify proxy addresses using one of several strategies for URL matching.
Authentication Scheme
Define authentication schemes for use in policies.
Schedule
You can specify a set of days and time ranges with recurring or one-time schedules.
Service
Although numerous services are already configured, the system allows for administrators to configure their own.
The service object specifies the protocol and any additional information required to identify the service (which depends on the protocol):
- IP: IP protocol number.
- TCP/UDP/SCTP: Address and destination port range.
- ICMP: Type and code.
You can also create a service group, which defines a group of related services.
Virtual IP
The Virtual IP objects map external IP addresses to internal addresses.
FortiPortal supports the following Virtual IP object types:
- Virtual IP: Uses static NAT to map a range of external addresses to an internal address range.
- Virtual IP Group: A group of one or more Virtual IPs, for ease of administration
- IP Pool: An IP address or range of IP addresses to use as the source address (rather than the IP address of the interface)
IP Pool
Define IP pool allocation rules for NAT.
Security Profiles
Security features protecting the network from threats are together known as security profiles.
The following security profiles are supported on FortiPortal:
-
Antivirus Profile
-
Intrusion Prevention Profile
-
Local Category
-
Web Rating Overrides
-
Web Filter Profile
-
Application Control
-
File Filter Profile
-
Video Filter
-
SSL/SSH Inspection
-
Profile Group
Antivirus Profile
Use the Antivirus profile to detect and identify viruses.
Intrusion Prevention Profile
Use intrusion prevention profiles to protect your network against hacking and attempts to exploit vulnerabilities.
Local Category
You can create a local category and then use Rating Override to assign URLs to the new category.
Web Rating Overrides
Use a Web Rating Override object to override the rating for a URL.
Web Filter Profile
Set up a web filter profile to protect or limit user activity on the web.
Application Control
Use application control to detect network traffic and control application communication.
File Filter Profile
Use file filters to perform file type inspection.
Video Filter
Use the video filter to filter YouTube videos by category or channel.
SSL/SSH Inspection
Use the SSL/SSH iinspection profile to perform deep inspection on encrypted traffic.
Profile Group
Use a profile group to collect previously configured security profiles into one object that can be used in policies.
User & Device
Security policies may allow access to specified users and user groups only.
User
A user is a user account consisting of username, password, and in some cases other information, configured on the firewall unit or on an external authentication server. Users can access resources that require authentication only if they are members of an allowed user group.
You can create local users (accounts stored on the firewall unit), see Configuring a user.
Two-factor authentication
Two-factor authentication methods, including FortiToken, provide additional security.
User Group
A user group is a list of user identities. To add or edit a user group, see Configuring a user group.
After you set the group type and add members, you cannot change the group type without removing its members. If you change the type, members will be removed automatically. |
LDAP server
Add external LDAP servers that can be used in firewall policies.