Chapter 3 Authentication for FortiOS 5.0 : Examples and Troubleshooting : Firewall authentication example : Creating security policies
  
Creating security policies
Two security policies are needed: one for the local firewall user group, whose members connect through port3, and one for the FSSO group, whose members connect through port2.
To create a security policy for FSSO authentication - web-based manager
1. Go to Policy > Policy > Policy and select Create New.
2. Enter the following information:
   Policy Type:          Firewall
   Policy Subtype:       User Identity
   Incoming Interface:   Port2
   Source address:       Windows_net
   Outgoing Interface:   Port1
   Enable NAT:           Select
3. In Configuration Authentication Rules, select Create New.
   In the New Authentication Rule window, enter the following information, and then select OK:
   Destination Address:    all
   Group(s):               FSSO_Internet_users
   Schedule:               always
   Service:                ALL
   UTM Security Profiles:  Optionally, enable UTM profiles.
4. Select OK.
To create a security policy for FSSO authentication - CLI
config firewall policy
    edit 0
        set srcintf port2
        set dstintf port1
        set srcaddr Windows_net
        set dstaddr all
        set action accept
        set identity-based enable
        set nat enable
        config identity-based-policy
            edit 1
                set schedule always
                set groups FSSO_Internet_users
                set service ANY
            end
    end
To create a security policy for local user authentication - web-based manager
1. Go to Policy > Policy and select Create New.
2. Enter the following information:
   Policy Type:          Firewall
   Policy Subtype:       User Identity
   Incoming Interface:   Port3
   Source address:       Internal_net
   Outgoing Interface:   Port1
   Enable NAT:           Select
3. In Configuration Authentication Rules, select Create New.
   In the New Authentication Rule window, enter the following information, and then select OK:
   Destination Address:    all
   Group(s):               Internet_users
   Schedule:               always
   Service:                ALL
   UTM Security Profiles:  Optionally, enable UTM profiles.
4. Select OK.
To create a security policy for local user authentication - CLI
config firewall policy
    edit 0
        set srcintf port3
        set dstintf port1
        set srcaddr Internal_net
        set dstaddr all
        set action accept
        set identity-based enable
        set nat enable
        config identity-based-policy
            edit 1
                set schedule always
                set groups Internet_users
                set service ANY
            end
    end
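The two CLI blocks above share one structure: a firewall policy with identity-based enabled and a nested identity-based-policy rule that names the group allowed through. The following added example (not Fortinet code, and not part of this handbook) parses that config/edit/set/next/end syntax into nested dicts and checks that a policy meant to authenticate users actually has identity-based set and a rule that names a group; the sample text is constructed from the FSSO policy on this page, and `parse_fortios` and `check_identity_policy` are names chosen here.

```python
import shlex

# Constructed sample: the FSSO policy from this page, as typed into the CLI.
SAMPLE = """config firewall policy
    edit 0
        set srcintf port2
        set dstintf port1
        set srcaddr Windows_net
        set dstaddr all
        set action accept
        set identity-based enable
        set nat enable
        config identity-based-policy
            edit 1
                set schedule always
                set groups FSSO_Internet_users
                set service ANY
            end
    end
"""

def parse_fortios(text):
    """Parse FortiOS config/edit/set/next/end text into nested dicts."""
    stack = [("table", {})]  # (kind, dict) frames; the root table stays at index 0
    for words in filter(None, map(shlex.split, text.splitlines())):
        cmd, args = words[0], words[1:]
        if cmd == "config":
            stack.append(("table", stack[-1][1].setdefault(" ".join(args), {})))
        elif cmd == "edit":  # 'edit 0' asks FortiOS for the next free ID
            table = stack[-1][1]
            key = str(len(table) + 1) if args[0] == "0" else args[0]
            stack.append(("entry", table.setdefault(key, {})))
        elif cmd == "set":
            stack[-1][1][args[0]] = args[1] if len(args) == 2 else args[1:]
        elif cmd == "next":
            stack.pop()
        elif cmd == "end":  # 'end' inside an entry saves it and leaves the table too
            if stack[-1][0] == "entry":
                stack.pop()
            stack.pop()
    return stack[0][1]

def check_identity_policy(policy):
    """Findings for a policy that is supposed to require a user login."""
    findings = []
    if policy.get("identity-based") != "enable":
        findings.append("not identity-based: matching traffic needs no login")
    rules = policy.get("identity-based-policy", {}).values()
    if not any(r.get("groups") for r in rules):
        findings.append("no rule names a group: no user can be authorised")
    return findings
```

Paste the output of `show firewall policy` from a unit into `parse_fortios` to run the same check over every policy, not just the constructed sample.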