Configuring firewall policies Firewall Policy
FortiGate Version 4.0 MR1 Administration Guide
400 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
For more information, see the “Defining firewall policies” chapter of the FortiGate IPSec
VPN User Guide.
Configuring SSL VPN identity-based firewall policies
For network users to use SSL-VPN identity-based policies, you must configure users, add
them to user groups, and then configure the policy.
To create an identity-based firewall policy (SSL-VPN), go to Firewall > Policy > Policy and
select Create New and enter the information in the following table. Select Action > SSL
VPN.
For more information, see “Configuring firewall policies” on page 391.
Figure 213: Configuring a new SSL VPN firewall policy
Inbound NAT Select to translate the source IP addresses of inbound decrypted packets into
the IP address of the FortiGate interface to the local private network.
Outbound NAT Select only in combination with a natip CLI value to translate the source
addresses of outbound cleartext packets into the IP address that you specify.
When a natip value is specified, the source addresses of outbound IP packets
are replaced before the packets are sent through the tunnel. For more
information, see the “firewall” chapter of the FortiGate CLI Reference.
Note: For a route-based (interface mode) VPN, you do not configure an IPSec firewall
policy. Instead, you configure two regular ACCEPT firewall policies, one for each direction
of communication, with the IPSec virtual interface as the source or destination interface as
appropriate.
Note: The SSL-VPN option is only available from the Action list after you have added SSL
VPN user groups. To add SSL VPN user groups, see “SSL VPN user groups” on page 668.
To Next Page
Loading...
Need help?
General