While network security is not its primary function, and FortiADC is not a replacement for a full-fledged UTM such as FortiGate, FortiADC does have simple traditional firewall features such as NAT, rate limiting, and accept/deny policies based upon a packet’s source address, destination address, protocol, and stateful inspection. This provides additional deployment flexibility for performance optimization, in cases where you want to layer security or to offload some of the processing burden from your firewall/UTM.
To configure a firewall policy, complete these steps:
1. Defining address objects
2. Defining your network services
3. Configuring firewall policies
By default, the firewall menu is hidden. To show it, see “Menu Settings”.
Unlike policies on FortiWeb or FortiGate, FortiADC policies do not indicate which virtual servers/virtual IPs will receive traffic, nor how traffic will be distributed among your servers. Policies on FortiADC indicate only whether traffic will be accepted or denied. Because of this, and because the default action is to accept traffic when no policy matches, firewall policies are not required.
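The effect of the default accept action, as an added example that is not FortiADC code or configuration: a Python model of policy evaluation showing that a list containing only accept policies filters nothing until a deny policy closes it. The `Policy` fields, the function names, first-match ordering and the IPv4 sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Policy:
    """Hypothetical model of an accept/deny policy (not FortiADC's schema)."""
    src: str      # source address object, as an IPv4 CIDR
    dst: str      # destination address object, as an IPv4 CIDR
    proto: str    # "tcp", "udp", "icmp" or "any"
    action: str   # "accept" or "deny"

    def matches(self, src_ip, dst_ip, proto):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto))

def evaluate(policies, src_ip, dst_ip, proto, default="accept"):
    """Return (action, index of matching policy); index is None if the default applied."""
    for index, policy in enumerate(policies):  # assumption: first match wins
        if policy.matches(src_ip, dst_ip, proto):
            return policy.action, index
    return default, None  # page: traffic is accepted when no policy matches

def ends_with_deny_all(policies):
    """Audit check: is the last policy a deny for any source, destination and protocol?"""
    if not policies:
        return False
    last = policies[-1]
    return (last.action == "deny" and last.proto == "any"
            and ipaddress.ip_network(last.src) == ANY_NET
            and ipaddress.ip_network(last.dst) == ANY_NET)

# Constructed rule set, intended as "only 192.0.2.0/24 may reach 10.0.0.10 over TCP".
ALLOW_ONLY = [Policy("192.0.2.0/24", "10.0.0.10/32", "tcp", "accept")]
# The same intent with an explicit final deny, so unmatched traffic no longer falls through.
HARDENED = ALLOW_ONLY + [Policy("0.0.0.0/0", "0.0.0.0/0", "any", "deny")]

if __name__ == "__main__":
    for name, rules in (("ALLOW_ONLY", ALLOW_ONLY), ("HARDENED", HARDENED)):
        verdict = evaluate(rules, "203.0.113.5", "10.0.0.10", "tcp")
        print(name, "outside source ->", verdict,
              "| ends with deny-all:", ends_with_deny_all(rules))
```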
To configure how FortiADC will forward packets to your back-end servers, you must configure a virtual server. You may also need to configure static routes or routing policies. See “Distributing new sessions among your servers”, “Routing based on the application layer”, “Adding a gateway”, and “Policy routes”.