FortiGate-100A Administration Guide Version 2.80 MR7
FortiGate-100A Administration Guide 01-28007-0068-20041203 189
Firewall
Firewall policies control all traffic passing through the FortiGate unit. Firewall policies
are instructions that the FortiGate unit uses to decide what to do with a connection
request. When the firewall receives a connection request in the form of a packet, it
analyzes the packet to extract its source address, destination address, and service
(by port number).
For the packet to be connected through the FortiGate unit, the source address,
destination address, and service of the packet must match a firewall policy. The policy
directs the firewall action on the packet. The action can be to allow the connection,
deny the connection, require authentication before the connection is allowed, or
process the packet as an IPSec VPN packet.
Each policy can be individually configured to route connections or apply network
address translation (NAT) to translate source and destination IP addresses and ports.
You can add IP pools to use dynamic NAT when the firewall translates source
addresses. You can use policies to configure port address translation (PAT) through
the FortiGate.
You can add protection profiles to firewall policies to apply different protection settings
for traffic that is controlled by firewall policies. You can use protection profiles to:
• Configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP policies
• Configure web filtering for HTTP policies
• Configure web category filtering for HTTP policies
• Configure spam filtering for IMAP, POP3, and SMTP policies
• Enable IPS for all services
• Enable content archiving to a FortiLog unit for all services
You can also enable traffic logging for a firewall policy so that the FortiGate unit logs
all connections that use this policy.
This chapter describes:
• Policy
• Address
• Service
• Schedule
• Virtual IP
• IP pool
• Protection profile