Policy Introduction – Firewall Policies
Firewall policies The firewall policy is the axis around which most features of the FortiGate firewall revolve. Many settings in the firewall end up relating to or being associated with the firewall...
Policy Introduction – Firewall policy parameters – FortiOS 6.2
Firewall policy parameters For traffic to flow through the FortiGate firewall, there must be a policy that matches its parameters: Incoming interface(s), Outgoing interface(s), Source address(es), ...
Policy Introduction – Profile-based NGFW vs policy-based NGFW – FortiOS 6.2
Profile-based NGFW vs policy-based NGFW From version 5.6, we added a new policy mode called Next Generation Firewall (NGFW). This mode is only available when the VDOM inspection-mode is flow. This...
Policy Introduction – NGFW policy mode and NAT – FortiOS 6.2
NGFW policy mode and NAT If your FortiGate is operating in NAT mode, rather than enabling source NAT in individual NGFW policies, go to Policy & Objects > Central SNAT and add source NAT...
Policy Introduction – Application control in NGFW policy-based mode – FortiOS...
Application control in NGFW policy-based mode Configure Application Control by adding individual applications to security policies. You can set the action to ACCEPT or DENY to allow or block...
Policy Introduction – Other NGFW policy-based mode options – FortiOS 6.2
Other NGFW policy-based mode options You can combine both application control and web filtering in the same NGFW policy mode policy. If the policy accepts applications or URL categories, you can apply...
Policy views and policy lookup
Policy views and policy lookup This topic provides a sample of firewall policy views and firewall policy lookup. Policy views On the Policy & Objects policy list page, there are two policy views:...
Policy with source NAT
Policy with source NAT Static SNAT NAT or Network Address Translation is the process that enables a single device such as a router or firewall to act as an agent between the Internet or Public Network...
Policy with destination NAT
Policy with destination NAT Static virtual IPs Usually we use VIP to implement Destination Address Translation. Mapping a specific IP address to another specific IP address is usually referred to as...
Policy with Internet Service
Policy with Internet Service Using Internet Service in policy This recipe shows how to apply a predefined Internet Service entry into a policy. The Internet Service Database is a comprehensive public...
NAT64 policy and DNS64 (DNS proxy)
NAT64 policy and DNS64 (DNS proxy) NAT64 policy translates IPv6 addresses to IPv4 addresses so that a client on an IPv6 network can communicate transparently with a server on an IPv4 network. NAT64...
NAT46 policy
NAT46 policy NAT46 refers to the mechanism that allows IPv4 addressed hosts to communicate with IPv6 hosts. Without such a mechanism, IPv4 environments cannot connect to IPv6 networks. Sample topology...
Multicast processing and basic Multicast policy
Multicast processing and basic Multicast policy You need to add firewall policies to allow packets to pass from one interface to another. Multicast packets require multicast security policies. Similar...
Traffic shaping
Traffic shaping Interface bandwidth limit You can limit interface bandwidth for arriving and departing traffic. In some cases, the traffic received on an interface could exceed the maximum bandwidth...
Security Profiles – AntiVirus – FortiOS 6.2
AntiVirus Content disarm and reconstruction for AntiVirus Introduction Content Disarm and Reconstruction (CDR) allows the FortiGate to sanitize Microsoft documents and PDF (disarm) by removing active...
Introduction to AppCtrl sensors
Introduction to AppCtrl sensors FortiGate units can detect and take action against network traffic depending on the application generating the traffic. Based on FortiGate Intrusion Protection protocol...
FortiOS 6.2.2 Release Notes
TABLE OF CONTENTS Change Log Change Log Date Change Description...
AppCtrl basic category filters and overrides
AppCtrl basic category filters and overrides Once you have created an application sensor, you can define the applications that you want to control. You can add applications and filters using...
AppCtrl port enforcement check
AppCtrl port enforcement check Most networking applications run on specific ports. For example, SSH runs on port 22, and Facebook runs on port 80 and 443. If the default network service is enabled in...
AppCtrl protocol enforcement check
AppCtrl protocol enforcement check Protocol enforcement allows you to configure networking services (e.g. FTP, HTTP, HTTPS) on known ports (e.g. 21, 80, 443). For protocols which are not whitelisted...