
170 Fortinet Inc.
Default firewall configuration
By default, the users on the network connected to port1 can connect through the
FortiGate unit to the network connected to port2. The firewall blocks all other
connections. The firewall is configured with a default policy that matches any
connection request received from the network connected to port1 and instructs the
firewall to forward the connection to the network connected to port2.
Figure 4: Default firewall policy
• Interfaces
• VLAN subinterfaces
• Zones
• Addresses
• Services
• Schedules
• Content profiles
Interfaces
Add policies to control connections between FortiGate interfaces and between the
networks connected to these interfaces. By default, you can add policies for
connections between the port1 and port2 interfaces.
To add policies that include the port3 and port4/ha interfaces, you must use the
following steps to add these interfaces to the firewall policy grid:
1 If they are down, bring the port3 and port4/ha interfaces up.
See “Bringing up an interface” on page 135.
2 Add IP addresses to port3 and port4/ha.
See “Changing an interface static IP address” on page 136.
3 Add firewall addresses for these interfaces.
See “Adding addresses” on page 179.
VLAN subinterfaces
You can also add VLAN subinterfaces to the FortiGate configuration to control
connections between VLANs. For more information about VLANs, see “Configuring
VLANs” on page 139.
To add policies that include VLAN subinterfaces, you must use the following steps to
add the VLAN subinterfaces to the firewall policy grid:
1 Add VLAN subinterfaces to the FortiGate configuration.
See “Adding VLAN subinterfaces” on page 141.
2 Add firewall addresses for the VLAN subinterfaces.
See “Adding addresses” on page 179.