Basic Firewall Policies

Video Activity



Time: 1 hour 35 minutes
Difficulty: Beginner
CEU/CPE: 2
Video Description

In this video, you'll learn how to create and order multiple IPv4 policies in the policy table. In this example, three policies will be configured: Policy A allows Internet access to the local area network, Policy B allows Internet access to mobile devices while applying additional security features, and Policy C allows the system administrator's PC to have full access. In this example, a wireless network has already been configured that is on the same subnet as the wired LAN. Visit Fortinet's documentation library at http://docs.fortinet.com.

Video Transcription
>> In this video, you'll learn how to create and order multiple IPv4 policies in the policy table. In this example, three policies will be configured. Policy A allows Internet access to the local area network. Policy B allows Internet access to mobile devices while applying additional security features. Policy C allows a system administrator's PC to have full access. In this example, a wireless network has already been configured that is on the same subnet as the wired LAN.

Configure policy A by going into Policy & Objects, Policy, IPv4, and editing the default policy allowing outgoing traffic. Set service to HTTP, HTTPS, and DNS to restrict access to Internet browsing. Ensure that you've enabled NAT. In order to view the results later, enable Log Allowed Traffic and select All Sessions.

Create policy B. Set incoming interface, outgoing interface, and service to be identical to policy A, allowing LAN Internet traffic. Set source device type to Mobile Devices, a default device group that includes tablets and mobile phones. Please note that using a device group will automatically enable device identification on the LAN interface. Enable NAT. Under Security Profiles, enable Web Filter and set it to use the default profile. During this, we'll also enable Proxy Options and SSL Inspection. Use the default profile for proxy and set SSL Inspection to certificate inspection, which will allow HTTPS traffic to be inspected. Enable Log Allowed Traffic and select All Sessions.

Go to User & Device, Device, Device Definitions to create a definition for the system administrator's PC. Set the MAC address of the PC and choose the appropriate device type.

Go to Policy & Objects, Policy, IPv4 and create policy C. Set incoming interface to LAN, source device type to SysAdminPC, outgoing interface to the Internet-facing interface, and service to all. Enable both NAT and Log Allowed Traffic, selecting All Sessions.

View the policy table. Currently, the policies are arranged in the order they were created. To ensure that the correct traffic is flowing through each policy, they must be rearranged so that the more specific policies are located at the top of the list. To reorder the policies, select any area in the far left column for policy B and drag the policy to the top of the list. Repeat this for policy C so that the order is now policy C, policy B, policy A, with a default deny policy at the bottom.

Browse the Internet using the system administrator's PC, a different PC located on the LAN, and a mobile device to generate traffic. Then go to Log & Report, Traffic Log, Forward Traffic. You can see the traffic from the three devices flows through different policies.

Thank you for watching. For further details, please go to docs.fortinet.com to access Fortinet's complete documentation library.
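The transcript's reordering step is the security-relevant point of the whole exercise: a FortiGate policy table is evaluated top-down and the first matching policy wins, so in creation order (A, B, C) a mobile device's HTTPS session matches Policy A and never reaches Policy B's web filter and certificate inspection. The following is an added example, not Fortinet's code or anything from the video: a small Python model of first-match evaluation over the three policies, plus a shadowing check that flags a policy an earlier policy makes unreachable. Interface names ("lan", "wan1"), the device labels ("mobile-devices", "SysAdminPC") and the sample sessions are constructed assumptions; real FortiOS matches on many more attributes (addresses, schedule, users).

```python
"""Toy model of FortiGate first-match policy evaluation (added example, not Fortinet's code)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ALL = frozenset({"ALL"})  # stands in for the FortiGate "ALL" service object


@dataclass(frozen=True)
class Policy:
    name: str
    srcintf: str
    dstintf: str
    services: frozenset          # set of service names, or ALL
    src_device: str = "all"      # "all", a device group, or a named device (assumed labels)
    web_filter: bool = False
    ssl_inspection: str = "no-inspection"


@dataclass(frozen=True)
class Session:
    srcintf: str
    dstintf: str
    service: str
    device: str                  # device type identified on the LAN interface


def matches(policy: Policy, session: Session) -> bool:
    """Does this policy match the session? (simplified attribute check)"""
    if (policy.srcintf, policy.dstintf) != (session.srcintf, session.dstintf):
        return False
    if policy.services != ALL and session.service not in policy.services:
        return False
    if policy.src_device != "all" and policy.src_device != session.device:
        return False
    return True


def first_match(table: List[Policy], session: Session) -> Optional[Policy]:
    """Top-down, first match wins; None models the implicit deny at the bottom."""
    for policy in table:
        if matches(policy, session):
            return policy
    return None


def covers(earlier: Policy, later: Policy) -> bool:
    """True if every session 'later' could match is already caught by 'earlier'."""
    same_path = (earlier.srcintf, earlier.dstintf) == (later.srcintf, later.dstintf)
    services_ok = earlier.services == ALL or (
        later.services != ALL and later.services <= earlier.services)
    device_ok = earlier.src_device in ("all", later.src_device)
    return same_path and services_ok and device_ok


def shadowed(table: List[Policy]) -> List[Tuple[str, str]]:
    """Return (shadowed policy, policy that shadows it) pairs for an ordering."""
    found = []
    for i, later in enumerate(table):
        for earlier in table[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# The three policies from the video (interface and device names are assumed).
WEB = frozenset({"HTTP", "HTTPS", "DNS"})
POLICY_A = Policy("PolicyA", "lan", "wan1", WEB)
POLICY_B = Policy("PolicyB", "lan", "wan1", WEB, src_device="mobile-devices",
                  web_filter=True, ssl_inspection="certificate-inspection")
POLICY_C = Policy("PolicyC", "lan", "wan1", ALL, src_device="SysAdminPC")

CREATION_ORDER = [POLICY_A, POLICY_B, POLICY_C]   # as created in the video
CORRECT_ORDER = [POLICY_C, POLICY_B, POLICY_A]    # after dragging B and C to the top

# Constructed sample sessions, one per device used in the video's test step.
MOBILE_HTTPS = Session("lan", "wan1", "HTTPS", "mobile-devices")
ADMIN_HTTPS = Session("lan", "wan1", "HTTPS", "SysAdminPC")
ADMIN_SSH = Session("lan", "wan1", "SSH", "SysAdminPC")
LAN_HTTP = Session("lan", "wan1", "HTTP", "pc")
LAN_SSH = Session("lan", "wan1", "SSH", "pc")


if __name__ == "__main__":
    for label, table in (("creation order", CREATION_ORDER), ("correct order", CORRECT_ORDER)):
        print(f"== {label}: shadowed = {shadowed(table)}")
        for s in (MOBILE_HTTPS, ADMIN_HTTPS, ADMIN_SSH, LAN_HTTP, LAN_SSH):
            hit = first_match(table, s)
            verdict = f"{hit.name} (web_filter={hit.web_filter})" if hit else "implicit deny"
            print(f"  {s.device:14s} {s.service:5s} -> {verdict}")
```

Running the script shows the two failure modes the video's reordering fixes: in creation order Policy B is fully shadowed by Policy A (the mobile device is allowed out without web filtering or SSL inspection), and Policy C is partially shadowed (the administrator's web traffic is logged under Policy A, only non-web services reach Policy C). The `shadowed` check is the kind of sanity test worth running on any first-match table, since a shadowed security policy silently does nothing while its log entries look plausible.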