Chapter 5 Compliance : Configuring FortiGate units for PCI DSS compliance : Security policies for the CDE network : Controlling the source and destination of traffic
  
Controlling the source and destination of traffic
The source and destination are the first parameters you specify in a security policy. (Go to Policy > Policy > Policy and select Create New.)
The Interface settings depend on network topology. The Address settings define the IP addresses to which the policy applies. These should be as narrow as possible, so that only the appropriate hosts are included. For example, if the destination is a server with a single IP address, the named Destination Address should be defined as that single address, not the entire subnet on which the server resides.
Addresses are defined in Firewall Objects > Address > Addresses. You can also define a new address by selecting Create from either the Source Address or Destination Address drop-down lists in a security policy. Some addresses will be used in several security policies, so it is best to plan ahead and define the addresses first.