Fortinet fortigate-200a Betriebsanweisung

Firewall policies control all traffic passing through the FortiGate unit. Firewall policies 
are instructions that the FortiGate unit uses to decide what to do with a connection 
request. When the firewall receives a connection request in the form of a packet, it 
analyzes the packet to extract its source address, destination address, and service 
(by port number).

For the packet to be connected through the FortiGate unit, the source address, 
destination address, and service of the packet must match a firewall policy. The policy 
directs the firewall action on the packet. The action can be to allow the connection, 
deny the connection, require authentication before the connection is allowed, or 
process the packet as an IPSec VPN packet.

Each policy can be individually configured to route connections or apply network 
address translation (NAT) to translate source and destination IP addresses and ports. 
You can add IP pools to use dynamic NAT when the firewall translates source 
addresses. You can use policies to configure port address translation (PAT) through 
the FortiGate.

You can add protection profiles to firewall policies to apply different protection settings 
for traffic that is controlled by firewall policies. You can use protection profiles to:

• Configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP policies
• Configure web filtering for HTTP policies
• Configure web category filtering for HTTP policies
• Configure spam filtering for IMAP, POP3, and SMTP policies
• Enable IPS for all services
• Enable content archiving to a FortiLog unit for all services

You can also enable traffic logging for a firewall policy so that the FortiGate unit logs 
all connections that use this policy.

This chapter describes:

•

•

•

•

•

•

•