Services

Outgoing Policy

A policy is needed to allow traffic from the conference room subnet out to the Internet. It must cover not only the teleconferencing equipment but also normal user traffic such as web research and email. Because the traffic is outgoing, there is less need for an Intrusion Protection System filter, but check with the network architect in case one of the other security profiles is needed.

1. Go to Policy & Objects > Policy > IPv4.

2. Select Create New.

3. Fill out the fields with the following information:

| Field | Value |
| --- | --- |
| Policy Type | Firewall |
| Policy Subtype | Address |
| Incoming Interface | port7 |
| Source Address | Port7_subnet |
| Outgoing Interface | wan1 |
| Destination Address | all |
| Schedule | always |
| Service | any |
| Action | ACCEPT |
| Enable NAT | enabled; Use Destination Interface Address |
| Logging Options | Logging is a good idea but how much will depend on storage capabilities. |
| Security Profiles | <see above> |
| Traffic Shaping, Web cache, WAN Optimization, Disclaimer | The use of these features will depend on your network environment and should be decided by the network architect, as the decision will largely be based on network bandwidth, usage and importance of video conferencing compared to other traffic. |

4. Select OK.

The policy will then need to be put in the correct position in the sequence of the policies.

 

Specific Addresses in TCP/UDP/SCTP

In the TCP/UDP/SCTP services it is also possible to set a specific IP address or Fully Qualified Domain Name (FQDN). The IP/FQDN field refers to the destination address of the traffic, not the source. This means, for example, that you can set up a custom service that describes, in a policy, the TCP traffic over port 80 going to the web site example.com, but you cannot set up a service that describes the TCP traffic over port 80 coming from the computer with the address 192.168.29.59.
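The following FortiOS CLI sketch is an added example, not part of the original page. It shows the destination-only service described above and the usual way to cover the source case: put the source host in an address object and reference it in the policy. The object names `HTTP_to_example_com` and `host_192.168.29.59` are hypothetical, the host is assumed to sit behind port7, and option names can vary between FortiOS versions.

```fortios
# Custom service: TCP port 80, restricted to the destination example.com.
# The fqdn value is matched against the destination of the traffic only.
config firewall service custom
    edit "HTTP_to_example_com"
        set protocol TCP/UDP/SCTP
        set fqdn "example.com"
        set tcp-portrange 80
    next
end

# A source host cannot be expressed in the service. Define it as an
# address object and use it as the policy's source address instead.
config firewall address
    edit "host_192.168.29.59"
        set subnet 192.168.29.59 255.255.255.255
    next
end

# Policy: only this host, only TCP/80, only to example.com.
# Assumes the host is reached through port7 and exits via wan1.
config firewall policy
    edit 0
        set srcintf "port7"
        set dstintf "wan1"
        set srcaddr "host_192.168.29.59"
        set dstaddr "all"
        set schedule "always"
        set service "HTTP_to_example_com"
        set action accept
        set nat enable
        set logtraffic all
    next
end
```

Because policies are evaluated in sequence, a narrow policy like this one has to sit above any broader policy for the same interfaces, or it will never be matched.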

