Fortinet FortiGate 4000 User Manual

Fortinet Inc.
Adding firewall policies
Firewall configuration
Authentication
Select Authentication and select a user group to require users to enter a user name 
and password before the firewall accepts the connection. Select the user group to 
control the users that can authenticate with this policy. For information about adding 
and configuring user groups, see 
. You must 
add user groups before you can select Authentication.
You can select Authentication for any service. Users can authenticate with the firewall 
using HTTP, Telnet, or FTP. For users to be able to authenticate you must add an 
HTTP, Telnet, or FTP policy that is configured for authentication. When users attempt 
to connect through the firewall using this policy they are prompted to enter a firewall 
username and password.
If you want users to authenticate to use other services (for example POP3 or IMAP) 
you can create a service group that includes the services for which you want to 
require authentication, as well as HTTP, Telnet, and FTP. Then users could 
authenticate with the policy using HTTP, Telnet, or FTP before using the other service.
In most cases you should make sure that users can use DNS through the firewall 
without authentication. If DNS is not available users cannot connect to a web, FTP, or 
Telnet server using a domain name.
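The following check is an added example, not taken from the manual or from Fortinet: it audits a policy list for the conditions described above (a user group selected, HTTP, Telnet, or FTP reachable through every authenticating policy, and DNS allowed without authentication). The policy field names, group names, and finding labels are assumptions for illustration and are not FortiGate configuration syntax.

```python
# Added example: constructed policy model, field names are assumptions
# and not FortiGate configuration syntax. Policy ordering is ignored.
AUTH_PROTOCOLS = {"HTTP", "TELNET", "FTP"}  # services the firewall can prompt on


def expand(service, groups):
    """Resolve a policy's Service value to the set of services it covers."""
    return set(groups.get(service, [service]))


def audit(policies, groups):
    """Return sorted (policy_name, finding) pairs for the rules in the text."""
    findings = []
    dns_open = False
    for p in policies:
        services = expand(p["service"], groups)
        covers_all = "ANY" in services
        if not p["authentication"]:
            # DNS must pass through some policy that does not prompt.
            dns_open = dns_open or covers_all or "DNS" in services
            continue
        if not p.get("user_group"):
            findings.append((p["name"], "no-user-group"))
        if not covers_all and not services & AUTH_PROTOCOLS:
            # e.g. a POP3/IMAP-only policy: users are never prompted.
            findings.append((p["name"], "no-auth-protocol"))
    if not dns_open:
        findings.append(("*", "dns-needs-auth"))
    return sorted(findings)


# Constructed sample data.
GROUPS = {
    "Mail-Auth": ["POP3", "IMAP", "HTTP", "TELNET", "FTP"],
    "Mail-Only": ["POP3", "IMAP"],
}
POLICIES = [
    {"name": "mail-ok", "service": "Mail-Auth", "authentication": True, "user_group": "Staff"},
    {"name": "mail-bad", "service": "Mail-Only", "authentication": True, "user_group": "Staff"},
    {"name": "web-nogroup", "service": "HTTP", "authentication": True, "user_group": None},
]

if __name__ == "__main__":
    for name, finding in audit(POLICIES, GROUPS):
        print(f"{name}: {finding}")
```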
Anti-Virus & Web filter
Enable antivirus protection and web filter content filtering for traffic controlled by this 
policy. You can select Anti-Virus & Web filter if Service is set to ANY, HTTP, SMTP, 
POP3, IMAP, or FTP or to a service group that includes the HTTP, SMTP, POP3, 
IMAP, or FTP services.
Select a content profile to configure how antivirus protection and content filtering are 
applied to the policy. For information about selecting a content profile, see 
Guaranteed Bandwidth
You can use traffic shaping to guarantee the amount of bandwidth available 
through the firewall for a policy. Guarantee bandwidth (in Kbytes) to make 
sure that there is enough bandwidth available for a high-priority service.
Maximum Bandwidth
You can also use traffic shaping to limit the amount of bandwidth available 
through the firewall for a policy. Limit bandwidth to keep less important 
services from using bandwidth needed for more important services.
Traffic Priority
Select High, Medium, or Low. Select Traffic Priority so that the FortiGate unit 
manages the relative priorities of different types of traffic. For example, a 
policy for connecting to a secure web server needed to support e-commerce 
traffic should be assigned a high traffic priority. Less important services 
should be assigned a low priority. The firewall provides bandwidth to low-