Firewall policies are central to how the FortiGate processes network traffic. It is important to note that any traffic that is not explicitly allowed by firewall policy is denied. Make sure to set up firewall policies to allow basic communication before testing your network. In order to set up Firewall policies, log in to the FortiGate GUI and select “Policy & Objects” from the left-hand menu.
IPv4 Policies in FortiOS can use the following parameters:
ALLOW or DENY
Incoming/Source Interface
Outgoing/Destination Interface
Source Address(es)
Destination Address(es)
Other parameters are available, but the ones above are critical for most policies.
Example Policies
Allow All Outbound
|
Parameter |
Value |
|---|---|
|
Incoming Interface |
lan [Internal] |
|
Outgoing Interface |
wan1 [External] |
|
Source |
all |
|
Destination |
all |
|
Schedule |
always |
|
Service |
all |
Allow Specific Inbound
|
Parameter |
Value |
|---|---|
|
Incoming Interface |
wan1 [External] |
|
Outgoing Interface |
lan [Internal] |
|
Source |
all |
|
Destination |
[Specific Port on External IP] |
|
Schedule |
always |
|
Service |
tcp [Service/Protocol] |