Chapter 7 Firewall: Building firewall objects and policies
The other chapters in the Firewall book have so far been concerned primarily with concepts and abstract ideas that are designed to help you understand what is going on with the firewall and what it can do. Now that we have a good grounding in the “what”, it is time to get into the “how”.
This section provides instructions, for the web-based manager (when available) and the CLI, for adding or editing FortiGate firewall objects and then for putting them together when building a policy to govern the traffic flowing through your network. To give some context, scenarios have been included. The instructions here are concerned with the creation of the objects. The inclusion of these objects into firewall policies is not shown in these instructions.
This chapter includes the instructions for building the following:
IPv4 Firewall Addresses
IPv6 Firewall Addresses
FQDN address
Changing the TTL of a FQDN address
New Geography-based Address
IPv4 Address Group
IPv6 Address Group
Multicast Address
Service Category
ICMP Service
ICMPv6 Service
Service Group
Virtual IP address
IP Pool
Central NAT Table
Firewall Schedule - Recurring
Firewall Schedule - One-time
Schedule Group
Proxy Option
DoS Policy
