Fortinet FORTIWIFI-50B Installation Instructions

FortiWiFi-50B FortiOS 3.0 MR6 Install Guide
01-30006-0445-20080131
Firewall policies
Advanced configuration
The best way to begin creating your own protection profile is to open a predefined 
profile. This way you can see how a profile is set up, and then modify it to suit your 
requirements. You access Protection profile options by going to Firewall > 
Protection Profile and selecting Edit for one of the predefined profiles.
Protection profiles are used by the firewall policies to determine how network and 
Internet traffic is controlled, scanned and, when necessary, rejected. The 
Protection Profiles can be considered the rules of the firewall policy. Because of 
this, you should take some time to review the various options and consider what you 
want the firewall policies to do. If, after setting the protection profile and firewall 
policies, traffic is not flowing, or too much traffic is flowing, verify your profile settings.
The protection profile has too many options and configuration settings to cover in 
this document. For details on each protection profile feature and setting, see the 
FortiGate Administration Guide or the FortiWiFi Online Help.
Firewall policies
Firewall policies are instructions the FortiWiFi unit uses to decide what to do with a 
connection request. When the firewall receives a connection request, it analyzes it 
to extract its source address, destination address, and port number.
For the connection through the FortiWiFi unit to be successful, the source 
address, destination address, and service of the connection must match a firewall 
policy. The policy directs the firewall action for the connection. The action can be 
to allow the connection, deny the connection, require authentication before the 
connection is allowed, or process the packet as an IPSec VPN connection.
You can configure each firewall policy to route connections or apply network 
address translation (NAT) to translate source and destination IP addresses and 
ports. You also add protection profiles to firewall policies to apply different 
protection settings for the traffic controlled by firewall policies.
The FortiWiFi unit matches firewall policies by searching from the top of the 
firewall policy list and moving down until it finds the first match, then performs the 
required address translation, blocking and so on described by the protection 
profile, then passes on the packet information. This is important, because once 
the FortiWiFi unit finds a match to a policy, it will not continue down the list. You 
need to arrange policies in the policy list from more specific to more general.
For example, suppose you have two policies: one that blocks specific URLs or IP 
addresses, and another general policy that lets traffic through. If you put the 
general policy at the top, the FortiWiFi unit will act on the general policy, treat 
the connection as matched, and potentially let through the URLs or IPs you wanted 
blocked.
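The ordering problem described above can be reproduced and checked offline. The following is an added example, not code from the install guide or from FortiOS: a simplified first-match evaluator plus a check that reports policies an earlier, more general policy makes unreachable. The `Policy` fields, the function names and the sample addresses are assumptions made for illustration, and the model matches only on source, destination and port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Policy:  # hypothetical model, not a FortiOS object
    name: str
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    port: Optional[int]   # None means any service
    action: str           # "accept" or "deny"

    def matches(self, src_ip, dst_ip, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other):
        """True if every connection matching `other` also matches this policy."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and (self.port is None or self.port == other.port))

def evaluate(policies, src_ip, dst_ip, port):
    """Search from the top; the first match decides. No match means no traffic flows."""
    for p in policies:
        if p.matches(src_ip, dst_ip, port):
            return p.name, p.action
    return None, "deny"

def shadowed(policies):
    """Return (later, earlier) name pairs where `later` can never be reached."""
    return [(later.name, earlier.name)
            for i, later in enumerate(policies)
            for earlier in policies[:i]
            if earlier.covers(later)]

# Constructed sample policies (addresses from documentation ranges).
BLOCK = Policy("block-bad-host", "192.168.1.0/24", "203.0.113.10/32", None, "deny")
ALLOW = Policy("allow-internet", "192.168.1.0/24", ANY, None, "accept")
GOOD_ORDER = [BLOCK, ALLOW]   # specific first, general last
BAD_ORDER = [ALLOW, BLOCK]    # general first: the block is never evaluated

if __name__ == "__main__":
    for label, order in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, evaluate(order, "192.168.1.5", "203.0.113.10", 80), shadowed(order))
```

Running `shadowed()` over an exported policy list before deployment flags any deny policy that sits below a broader accept policy.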
Web: Apply virus scanning and web content blocking to HTTP traffic.
Unfiltered: Apply no scanning, blocking or IPS. Use the unfiltered content profile if no 
content protection for content traffic is required. Add this protection profile to 
firewall policies for connections between highly trusted or highly secure 
networks where content does not need to be protected.
Note: No traffic will flow through a FortiWiFi unit until at least one firewall policy is added.