Configuring security policies
Security policies permit communication between the FortiGate unit’s network interfaces based on source and destination IP addresses. Interfaces that communicate with the VLAN interface need security policies to permit traffic to pass between them and the VLAN interface.
Each VLAN needs a security policy for each of the following connections the VLAN will be using:
• from this VLAN to an external network
• from an external network to this VLAN
• from this VLAN to another VLAN in the same virtual domain on the FortiGate unit
• from another VLAN to this VLAN in the same virtual domain on the FortiGate unit.
The packets on each VLAN are subject to antivirus scans and other UTM measures as they pass through the FortiGate unit.
See Also