12.03.2015 Views

FortiGate Administration Guide - FirewallShop.com


Configuring firewall policies

Firewall Policy

Figure 167: Creating an intra-VLAN firewall policy

Intra-VLAN Policy: You must enable this to create a policy between switch ports. The dialog box changes to show the fields described below.

Source/Destination Interface/Zone: Select native or a switch VLAN. For information about creating switch VLANs see “Configuring a switch VLAN” on page 212.

Source and Destination Port: Select Any or a specific switch port. If you select a nonsecure port as source, you must select a secure port as destination.

Address: Select All or specify an IP address range.

Set other firewall options as needed. See “Firewall policy options” on page 272.

Adding authentication to firewall policies

Add users and a firewall protection profile to a user group before selecting Authentication. For information about adding and configuring user groups, see “User groups” on page 386. Authentication is available if Action is set to Accept or SSL VPN.

When you enable user authentication on a firewall policy, end users using the firewall policy are challenged to authenticate before they can use the policy.

With user ID and password authentication, end users are prompted to enter their user name and password.

With certificate authentication (HTTPS or HTTP redirected to HTTPS only), you can install customized certificates on the FortiGate unit, and end users can also have customized certificates installed on their browsers. Otherwise, end users see a warning message and have to accept the default FortiGate certificate, which their web browsers may deem invalid. For information about how to use certificates, see “VPN Certificates” on page 369.

FortiGate Version 3.0 MR5 Administration Guide

276 01-30005-0203-20070830
