Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.10
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    7.4.10
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0

    Types of objects

    Types of objects

    The page displays the following object categories:

    Firewall Objects

    Firewall objects are components used to assemble firewall security policies that can be configured once and then reused.

    Address

    You can specify an address as a country, FQDN, or an IP subnet and mask. The address can apply to all interfaces or you can configure a specific interface.

    You can also create address groups, which define a group of related addresses.

    See Configuring an address and Configuring an address group.

    Proxy address

    Specify proxy addresses using one of several strategies for URL matching. See Configuring a proxy address.

    Authentication Scheme

    Define authentication schemes for use in policies. See Configuring an authentication scheme.

    Schedule

    You can specify a set of days and time ranges with recurring or one-time schedules. See Configuring a schedule.

    Service

    Although numerous services are already configured, the system allows for administrators to configure their own.

    The service object specifies the protocol and any additional information required to identify the service (which depends on the protocol):

    • IP: IP protocol number.

    • TCP/UDP/SCTP: Address and destination port range.

    • ICMP: Type and code.

    You can also create a service group, which defines a group of related services.

    See Configuring a service and Configuring a service group.

    Virtual IP

    Virtual IP objects map external IP addresses to internal addresses.

    FortiPortal supports the following virtual IP object types:

    • Virtual IP: Uses static NAT to map a range of external addresses to an internal address range.

    • Virtual IP Group: A group of one or more virtual IPs, for ease of administration.

    • IP Pool: An IP address or range of IP addresses to use as the source address (rather than the IP address of the interface).

    See Configuring a virtual IP.

    IP Pool

    Define IP pool allocation rules for NAT.

    See Configuring an IP pool and Configuring an IP pool group.

    ZTNA Server

    Define ZTNA servers to use the object in a Proxy/ZTNA Policy.

    See Configuring a ZTNA server.

    Security Profiles

    Security features protecting the network from threats are together known as security profiles.

    The following security profiles are supported:

    Antivirus Profile

    Use the Antivirus profile to detect and identify viruses. See Configuring an antivirus profile.

    Application Control

    Use application control to detect network traffic and control application communication. See Configuring application control.

    Email Filter Profile

    Use an email filter in a policy to perform spam detection and filtering. See Configuring an email filter profile.

    Inline CASB

    Use an inline CASB security profile to enable granular control over SaaS applications in firewall policies. See Configuring an inline CASB profile.

    Intrusion Prevention Profile

    Use intrusion prevention profiles to protect your network against hacking and attempts to exploit vulnerabilities. See Configuring an intrusion prevention profile.

    Local Category

    You can create a local category and then use Rating Override to assign URLs to the new category. See Configuring a local category.

    Web Filter Profile

    Set up a web filter profile to protect or limit user activity on the web. See Configuring a web filter profile.

    Web Rating Overrides

    Use a Web Rating Override object to override the rating for a URL. See Configuring a web rating override.

    File Filter Profile

    Use file filters to perform file type inspection. See Configuring a file filter profile

    Video Filter

    Use the video filter to filter YouTube videos by category or channel. See Configuring a video filter.

    SSL/SSH Inspection

    Use the SSL/SSH iinspection profile to perform deep inspection on encrypted traffic. See Configuring an SSL/SSH inspection profile.

    Profile Group

    Use a profile group to collect previously configured security profiles into one object that can be used in policies. See Configuring a profile group.

    DNS Filter Profile

    Use DNS category filtering to control user access to web resources. See Configuring a DNS filter profile.

    User & Device

    Security policies may allow access to specified users and user groups only.

    User

    A user is a user account consisting of username, password, and in some cases other information, configured on the firewall unit or on an external authentication server. Users can access resources that require authentication only if they are members of an allowed user group.

    You can create local users (accounts stored on the firewall unit), see Configuring a user.

    User Group

    A user group is a list of user identities. To add or edit a user group, see Configuring a user group.

    After you set the group type and add members, you cannot change the group type without removing its members. If you change the type, members will be removed automatically.
    LDAP servers

    Add external LDAP servers that can be used in firewall policies. See Configuring an LDAP server.

    RADIUS servers

    Add external RADIUS servers that can be used in firewall policies. See Configuring a RADIUS server

    SAML server

    Add external SAML servers that can be used in firewall policies. See Configuring a SAML server.

    Previous
    Next

    Types of objects

    Types of objects

    The page displays the following object categories:

    Firewall Objects

    Firewall objects are components used to assemble firewall security policies that can be configured once and then reused.

    Address

    You can specify an address as a country, FQDN, or an IP subnet and mask. The address can apply to all interfaces or you can configure a specific interface.

    You can also create address groups, which define a group of related addresses.

    See Configuring an address and Configuring an address group.

    Proxy address

    Specify proxy addresses using one of several strategies for URL matching. See Configuring a proxy address.

    Authentication Scheme

    Define authentication schemes for use in policies. See Configuring an authentication scheme.

    Schedule

    You can specify a set of days and time ranges with recurring or one-time schedules. See Configuring a schedule.

    Service

    Although numerous services are already configured, the system allows for administrators to configure their own.

    The service object specifies the protocol and any additional information required to identify the service (which depends on the protocol):

    • IP: IP protocol number.

    • TCP/UDP/SCTP: Address and destination port range.

    • ICMP: Type and code.

    You can also create a service group, which defines a group of related services.

    See Configuring a service and Configuring a service group.

    Virtual IP

    Virtual IP objects map external IP addresses to internal addresses.

    FortiPortal supports the following virtual IP object types:

    • Virtual IP: Uses static NAT to map a range of external addresses to an internal address range.

    • Virtual IP Group: A group of one or more virtual IPs, for ease of administration.

    • IP Pool: An IP address or range of IP addresses to use as the source address (rather than the IP address of the interface).

    See Configuring a virtual IP.

    IP Pool

    Define IP pool allocation rules for NAT.

    See Configuring an IP pool and Configuring an IP pool group.

    ZTNA Server

    Define ZTNA servers to use the object in a Proxy/ZTNA Policy.

    See Configuring a ZTNA server.

    Security Profiles

    Security features protecting the network from threats are together known as security profiles.

    The following security profiles are supported:

    Antivirus Profile

    Use the Antivirus profile to detect and identify viruses. See Configuring an antivirus profile.

    Application Control

    Use application control to detect network traffic and control application communication. See Configuring application control.

    Email Filter Profile

    Use an email filter in a policy to perform spam detection and filtering. See Configuring an email filter profile.

    Inline CASB

    Use an inline CASB security profile to enable granular control over SaaS applications in firewall policies. See Configuring an inline CASB profile.

    Intrusion Prevention Profile

    Use intrusion prevention profiles to protect your network against hacking and attempts to exploit vulnerabilities. See Configuring an intrusion prevention profile.

    Local Category

    You can create a local category and then use Rating Override to assign URLs to the new category. See Configuring a local category.

    Web Filter Profile

    Set up a web filter profile to protect or limit user activity on the web. See Configuring a web filter profile.

    Web Rating Overrides

    Use a Web Rating Override object to override the rating for a URL. See Configuring a web rating override.

    File Filter Profile

    Use file filters to perform file type inspection. See Configuring a file filter profile

    Video Filter

    Use the video filter to filter YouTube videos by category or channel. See Configuring a video filter.

    SSL/SSH Inspection

    Use the SSL/SSH iinspection profile to perform deep inspection on encrypted traffic. See Configuring an SSL/SSH inspection profile.

    Profile Group

    Use a profile group to collect previously configured security profiles into one object that can be used in policies. See Configuring a profile group.

    DNS Filter Profile

    Use DNS category filtering to control user access to web resources. See Configuring a DNS filter profile.

    User & Device

    Security policies may allow access to specified users and user groups only.

    User

    A user is a user account consisting of username, password, and in some cases other information, configured on the firewall unit or on an external authentication server. Users can access resources that require authentication only if they are members of an allowed user group.

    You can create local users (accounts stored on the firewall unit), see Configuring a user.

    User Group

    A user group is a list of user identities. To add or edit a user group, see Configuring a user group.

    After you set the group type and add members, you cannot change the group type without removing its members. If you change the type, members will be removed automatically.
    LDAP servers

    Add external LDAP servers that can be used in firewall policies. See Configuring an LDAP server.

    RADIUS servers

    Add external RADIUS servers that can be used in firewall policies. See Configuring a RADIUS server

    SAML server

    Add external SAML servers that can be used in firewall policies. See Configuring a SAML server.

    Previous
    Next