Fortigate CLI – Intro to firewall policies


  Before I get too far in this post, I should say that these are mostly just my notes from trying out the FortiGate's firewall policies. I'm not an expert by any means, I'm just trying to take a crash course in them. That said, now it's time to break some shit:

config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
end

  This is the default FortiGate firewall policy on my FortiGate-60 running FortiOS 3. It says: anything sourced from the internal interface and going out the wan1 interface, from any address to any address, any service, on the "always" schedule, allow it through and source-NAT it to the wan1 address. Say you wanted this box to act as a passthrough (because that makes sense on a firewall....). The first step would be to disable NAT on policy 1 (edit 1, then set nat disable). Next, add a second policy that allows wan1 to internal. Keep in mind that policies are matched top-down and the first match wins, so order matters once you have more than one per interface pair. Once done, the policy list looks like this:

FortiGate-60 # sho firewall policy
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 2
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end

  Once done, anything from the WAN can reach the LAN unfiltered. Note that policy 2 is not limited to ping: with srcaddr all, dstaddr all and service ANY it accepts every protocol and port from any source to any internal host, which is exactly the traffic a firewall is there to stop, so treat this as a lab configuration only. Also notice that "show" no longer prints a "set nat" line for policy 1; FortiOS only shows values that differ from the default, and the default for nat is disable. I'm sure there's more to it than this, but as far as the firewall policy section goes, that's pretty much how it works. I'll write up a few more, and better, posts in a bit, for example how to block some IPs while allowing others.
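As an added example (not from the original post or from Fortinet), here is a small Python script that parses a "show firewall policy" dump like the two above and flags the two things this post changed: a policy with NAT enabled, and an accept policy from an untrusted interface with all/all/ANY. The two dumps are embedded as constructed input copied from this post; the set of interface names treated as untrusted (wan1, wan2) is an assumption for the example.

```python
"""Audit a FortiOS 'show firewall policy' dump for over-permissive policies.

Added example for this post, not FortiOS code. Input is the text of
'show firewall policy'; output is a list of (policy_id, finding) tuples.
"""
import re

# Constructed sample: the default policy from the post (NAT enabled).
DEFAULT_DUMP = """\
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
end
"""

# Constructed sample: the post-change dump (NAT removed from policy 1,
# policy 2 added). FortiOS 'show' prints only non-default values, so a
# missing 'set nat' line means NAT is disabled.
PASSTHROUGH_DUMP = """\
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 2
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end
"""

# Interfaces treated as untrusted. Assumption for this example; adjust per box.
UNTRUSTED_INTERFACES = {"wan1", "wan2"}


def parse_policies(dump):
    """Turn a 'config firewall policy' dump into a list of dicts, one per
    'edit N ... next' block, in the order the firewall evaluates them
    (top-down, first match wins). Quoted values are unquoted."""
    policies, current = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"edit (\d+)", line)
        if m:
            current = {"id": int(m.group(1))}
            continue
        if line == "next" and current is not None:
            policies.append(current)
            current = None
            continue
        m = re.fullmatch(r"set (\S+) (.+)", line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip().strip('"')
    return policies


def audit(dump):
    """Return (policy_id, finding) tuples for NAT'd policies and for
    any-any accept policies sourced from an untrusted interface."""
    findings = []
    for p in parse_policies(dump):
        # 'show' omits defaults; nat defaults to disable when the line is absent
        if p.get("nat", "disable") == "enable":
            findings.append((p["id"], "nat enabled"))
        wide_open = (
            p.get("action") == "accept"
            and p.get("srcaddr") == "all"
            and p.get("dstaddr") == "all"
            and p.get("service", "").upper() in {"ANY", "ALL"}
        )
        if wide_open and p.get("srcintf") in UNTRUSTED_INTERFACES:
            findings.append((p["id"], "unfiltered inbound allow from %s to %s"
                             % (p["srcintf"], p["dstintf"])))
    return findings


if __name__ == "__main__":
    for label, dump in (("default", DEFAULT_DUMP), ("passthrough", PASSTHROUGH_DUMP)):
        print(label + ":")
        for pid, msg in audit(dump):
            print("  policy %d: %s" % (pid, msg))
```

Run against the default dump it reports only "nat enabled" on policy 1; against the passthrough dump it reports nothing for policy 1 and flags policy 2 as an unfiltered inbound allow from wan1 to internal. The parser keeps policy order, so the same structure can be extended to check that a deny sits above a broader accept once you start adding block rules.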

This entry was posted in Computers and networking, FortiGate\FortiNet, Networking.
