Firewall Policy Firewall policy examples
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 417
http://docs.fortinet.com/ • Feedback
Scenario two: enterprise-sized business
Located in a large city, the library system is anchored by a main downtown location
serving most of the population, with more than a dozen branches spread throughout the
city. Each branch is wired to the Internet but none are linked with each other by dedicated
connections.
The current network topography at the main location consists of three user groups. The
main branch staff and public terminals access the servers in the DMZ behind the firewall.
The catalog access terminals directly access the catalog server without first going through
the firewall.
The topography at the branch office has all three users accessing the servers at the main
branch through non-secured internet connections.
Figure 225: The library system’s current network topology
The library must be able to set different access levels for patrons and staff members.
The first firewall policy for main office staff members allows full access to the Internet at all
times. A second policy will allow direct access to the DMZ for staff members. A second
pair of policies is required to allow branch staff members the same access.
The staff firewall policies will all use a protection profile configured specifically for staff
access. Enabled features include virus scanning, spam filtering, IPS, and blocking of all
P2P traffic. FortiGuard web filtering is also used to block advertising, malware, and
spyware sites.
To Next Page
Loading...
Need help?
General