Chapter 7 Firewall for FortiOS 5.0 : Firewall objects : Example Scenario: Using FortiGate services to support Audio/Visual Conferencing : Policies
  
Policies
Incoming Policy
A policy has to be made to allow the traffic to come in from the Internet to connect to the Tele-conferencing server equipment.
Go to Policy -> Policy -> Policy.
Create New
Fill out the fields with the following information:
 
Policy Type
Firewall
Policy Subtype
Address
Incoming Interface
wan1
Source Address
all
Outgoing Interface
port7
Destination Address
Vid-Conf_Room216
Schedule
always
Service
A-V_Conference
Action
ACCEPT
Enable NAT
<not enabled>
Logging Options
Logging is a good idea but how much will depend on storage capabilities.
Security Profiles
Turn on IPS and choose “A-V_Conference-incoming”
Traffic Shaping,
Web cache,
WAN Optimization, Disclaimer:
The use of these features will depend on your network environment and should be decided by the network architect, as the decision will largely be based on network bandwidth, usage and importance of Video conferencing compared to other traffic.
Select OK.
The policy will then need to be put in the correct position in the sequence of the policies. Because it is a rather focused policy it should be acceptable to place it near the top of the policy order sequence.