Override | Select to override the policy inherited from the group to which the computer belongs. | |
Basic Setting | ||
Enable Firewall | Select to enable the firewall. | |
Firewall Profile | Select one of the following profiles. Basic home use — Allow all outgoing traffic and deny all incoming traffic. Basic business — Allow all outgoing traffic, allow all incoming traffic from the trusted zone, and deny all incoming traffic from the public zone. Custom profile — This is the default profile. You can configure firewall policies to control application access to the network and to control traffic between address groups. | |
When launch new applications | Select firewall action when an unknown application tries to communicate through the firewall: Ask — The user is asked if the application should be allowed or denied network access. This is the default option. Allow — Allow the application to communicate, but raise a firewall violation alert. Block — The application is blocked and raises a firewall violation alert. | |
Disable task bar notification of blocked network traffic | Do not alert FortiClient user that traffic is blocked. | |
Enable Trusted IP | Trusted IP addresses, defined in Firewall > Trusted IP are not scanned for potential intrusion attempts. See “Configuring trusted IPs exempted from intrusion detection”. | |
Rules order of global firewall policy | When there are “allow” and “deny” firewall rules in FortiClient, this setting determines the action that has higher priority when rules overlap. Allow rules first — When selected, the “allow” firewall rules in FortiClient are processed first. Deny rule first — When selected, the “deny” firewall rules in FortiClient are processed first. | |
Ping Servers | ||
Use Ping servers to determine the trust status of networks | The FortiClient application checks for response from ping servers you have configured to determine whether it is connected to a trustworthy network. See “Configuring ping servers for a FortiClient agent firewall”. | |
Zone Security Setting | Select the security level for the Public and Trusted zones. | |
Public Zone Security Level | High — Block ICMP, NetBIOS, but allow other traffic coming from this zone. Medium — Block ICMP and NetBIOS from this zone, but allow other traffic. Allow NetBIOS to this zone. Low — Allow all traffic, except where disallowed by application policies. By default, the Public Zone has High security level. | |
Trusted Zone Security Level | High — Block ICMP, NetBIOS, but allow other traffic coming from this zone. Medium — Allow all traffic to and from this zone. Low — Allow all traffic, except where disallowed by application policies. By default, the Trusted Zone has Medium security level. |