Chapter 3 Authentication for FortiOS 5.0 : Examples and Troubleshooting : RADIUS SSO example : Configuring FortiGate regular and RADIUS SSO security policies : Configuring regular security policies
  
Configuring regular security policies
Regular security policies allow or deny access for non-RADIUS SSO traffic. This is essential as there are network services—such as DNS, NTP, and FortiGuard—that require access to the Internet.
To configure regular security policies - web-based manager
1. Go to Policy > Policy, and select Create New.
2. Enter the following information, and select OK.
Source Interface/Zone        Internal
Source Address               internal_network
Destination Interface/Zone   wan1
Destination Address          all
Schedule                     always
Service                      essential_network_services
Action                       ACCEPT
Log Allowed Traffic          enable
Enable NAT                   enable
UTM                          enable
  Enable Antivirus           enable Default
  Enable IPS                 enable Default
  Enable VoIP                enable Default
Comments                     Essential network services
3. Select Create New, enter the following information, and select OK.
Source Interface/Zone        dmz
Source Address               company_servers
Destination Interface/Zone   wan1
Destination Address          all
Schedule                     always
Service                      essential_server_services
Action                       ACCEPT
Log Allowed Traffic          enable
Enable NAT                   enable
UTM                          enable
  Enable Antivirus           enable Default
  Enable IPS                 enable Default
Comments                     Company servers accessing the Internet
4. Select Create New, enter the following information, and select OK.
Source Interface/Zone        Internal
Source Address               internal_network
Destination Interface/Zone   dmz
Destination Address          company_servers
Schedule                     always
Service                      all
Action                       ACCEPT
Log Allowed Traffic          enable
Enable NAT                   enable
UTM                          enable
  Enable Antivirus           enable Default
  Enable IPS                 enable Default
Comments                     Access company servers
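The three policies above can be checked against a short review list before they are committed. The following Python sketch is an added example, not part of the Fortinet documentation: it models the policies from steps 2 to 4 as data and applies review rules that are this example's own assumptions (the Policy class, the rule set, and the treatment of wan1 as the only Internet-facing interface are hypothetical).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    comment: str
    srcintf: str
    srcaddr: str
    dstintf: str
    dstaddr: str
    service: str
    log: bool = True
    nat: bool = True
    utm: frozenset = frozenset({"antivirus", "ips"})

# The three ACCEPT policies as entered in steps 2-4 of the procedure.
POLICIES = [
    Policy("Essential network services", "Internal", "internal_network",
           "wan1", "all", "essential_network_services",
           utm=frozenset({"antivirus", "ips", "voip"})),
    Policy("Company servers accessing the Internet", "dmz", "company_servers",
           "wan1", "all", "essential_server_services"),
    Policy("Access company servers", "Internal", "internal_network",
           "dmz", "company_servers", "all"),
]

INTERNET_FACING = {"wan1"}  # assumption: wan1 is the only Internet-facing port

def review(p):
    """Return review findings for one policy (rules are this example's own)."""
    findings = []
    if not p.log:
        findings.append("allowed traffic is not logged")
    if not {"antivirus", "ips"} <= p.utm:
        findings.append("antivirus or IPS profile is not applied")
    if p.service.lower() == "all":
        findings.append("service 'all' permits every port and protocol")
    if p.dstaddr.lower() == "all" and p.dstintf not in INTERNET_FACING:
        findings.append("destination 'all' on a non-Internet interface")
    if p.nat and p.dstintf not in INTERNET_FACING:
        findings.append("source NAT toward an internal segment hides client "
                        "addresses from server logs")
    return findings

def audit(policies):
    """Map each policy's comment to its list of findings."""
    return {p.comment: review(p) for p in policies}

if __name__ == "__main__":
    for comment, findings in audit(POLICIES).items():
        print(comment, "->", findings or "no findings")
```

Run against the policies as documented, only the Internal-to-dmz policy is flagged: it allows every service and applies NAT, so the company servers log the FortiGate interface address rather than the individual client.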