Source Address
The addresses that a policy can receive traffic from can be wide open or tightly controlled. For a public web server that the world at large should be able to access, the best choice will be “all”. If the destination is a private web server that only the branch offices of a company should be able to access, or if a list of internal computers are the only ones allowed to access an external resource, then a group of preconfigured addresses is the better strategy.
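The choice described above can be audited in an exported configuration. The following Python sketch is an added example, not part of the original handbook: it parses a flat `config firewall policy` block and flags accept policies whose source is "all" while the destination is not on a list of intentionally public objects. The sample configuration, the object names and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in FortiOS CLI style; object names are hypothetical.
SAMPLE_CONFIG = """
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "vip-public-web"
        set action accept
    next
    edit 2
        set srcaddr "all"
        set dstaddr "intranet-web"
        set action accept
    next
    edit 3
        set srcaddr "grp-branch-offices"
        set dstaddr "intranet-web"
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {field: [values]}} for a flat 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == "config firewall policy":
            in_block = True
        elif line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            current = policies.setdefault(line.split()[1], {})
        elif in_block and current is not None and line.startswith("set "):
            parts = shlex.split(line)  # handles quoted, multi-value fields
            current[parts[1]] = parts[2:]
    return policies

def overly_open(policies, public_destinations):
    """IDs of accept policies with source "all" and a destination not meant to be public."""
    return [
        pid for pid, f in policies.items()
        if f.get("action") == ["accept"]
        and "all" in f.get("srcaddr", [])
        and not set(f.get("dstaddr", [])) <= set(public_destinations)
    ]

if __name__ == "__main__":
    print(overly_open(parse_policies(SAMPLE_CONFIG), {"vip-public-web"}))
```

Policy 2 is the case the paragraph warns about; policy 3 shows the same destination restricted to a preconfigured address group.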
Additional parameters under the Source Address, though they are not mandatory, are:
Source User(s)
This parameter is based on a user identity that can come from a number of authentication authorities. It will be an account or group that has been set up in advance and can be selected from the dropdown menu. The exception to this is the feature that allows the importing of LDAP users. When the feature is used, a small wizard window will appear to guide the user through the setup. The caveat is that the LDAP server object in the User and Device > Authentication > LDAP Servers section has to be already configured to allow the use of this import feature.
Source Device Type
This parameter is for narrowing down the traffic-sending devices to those that the FortiGate is familiar with. Again, the contents of this parameter need to be a preconfigured object, and these are defined at User and Device > Device > Device Definitions. This parameter can limit the devices that can connect to this policy to those specific MAC addresses that are already known by the FortiGate and are approved for the policy.