FortiGate – Firewall Policies

Firewall policies are central to how the FortiGate processes network traffic. Any traffic that is not explicitly allowed by a firewall policy is denied, so set up firewall policies that allow basic communication before testing your network. To set up firewall policies, log in to the FortiGate GUI and select “Policy & Objects” from the left-hand menu.

IPv4 Policies in FortiOS can use the following parameters:

Action (ALLOW or DENY)
Incoming/Source Interface
Outgoing/Destination Interface
Source Address(es)
Destination Address(es)

Other parameters are available, but the ones above are critical for most policies.

 

Example Policies

Allow All Outbound

Parameter             Value
--------------------  ----------------
Incoming Interface    lan [Internal]
Outgoing Interface    wan1 [External]
Source                all
Destination           all
Schedule              always
Service               all

Allow Specific Inbound

Parameter             Value
--------------------  ------------------------------------
Incoming Interface    wan1 [External]
Outgoing Interface    lan [Internal]
Source                all
Destination           [Specific Port on External IP]
Schedule              always
Service               tcp [Service/Protocol]
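The two example policies above, written as FortiOS CLI configuration. This is an added example, not part of the original article. It assumes the inbound destination is a port-forwarding virtual IP, and the addresses, object names, policy names, the HTTPS service, and the NAT and logging settings are constructed placeholders.

```fortios
# Virtual IP for the inbound policy: one TCP port on the external IP,
# forwarded to an internal host. Addresses below are constructed placeholders.
config firewall vip
    edit "vip-web-443"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.1.10"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

config firewall policy
    # Allow All Outbound (edit 0 assigns the next free policy ID)
    edit 0
        set name "Allow-All-Outbound"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        # Assumption: internal hosts use private addresses and need source NAT
        set nat enable
        set logtraffic all
    next
    # Allow Specific Inbound: destination is the VIP, not "all"
    edit 0
        set name "Allow-Inbound-HTTPS"
        set srcintf "wan1"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "vip-web-443"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

Running `show firewall policy` afterwards lists both entries; traffic that matches neither one is still denied, as described at the top of the article.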
