Services While there are a number of services already configured within FortiOS, the firmware allows for administrators to configure there own. The reasons for doing this usually fall into one or more of the following categories: The service is not common enough to have a standard configuration The service is not established enough to have […]

Configuring IP pools A IP pool is essentially one in which the IP address that is assigned to the sending computer is not known until the session is created, therefore at the very least it will have to be a pool of at least 2 potential addresses. A quick example would be an IP pool […]

Virtual IPs The mapping of a specific IP address to another specific IP address is usually referred to as Destination NAT. FortiOS has a component that is a bit more specialized along this line called a Virtual IP Address, sometimes referred to as a VIP. FortiOS uses a Virtual IP address to map an External […]

Address Groups Address groups are designed for ease of use in the administration of the device. If you have a number of addresses or address ranges that will commonly be treated the same or require the same security policies, you can put them into address groups, rather than entering multiple individual addresses in each policy […]

IPv6 Addresses When creating an IPv6 address there are a number of different types of addresses that can be specified. These include: Subnet IP Range – the details of this type of address are the same as the IPv4 version of this type The IPv6 addresses don’t yet have the versatility of the IPv4 address […]

IPv4 Addresses   When creating an IPv4 address there are a number of different types of addresses that can be specified. These include: FQDN Geography IP Range IP/Netmask Wildcard FQDN   Which one chosen will depend on which method most easily yet accurately describes the addresses that you are trying to include with as few […]

Service Groups Just like some of the other firewall components, services can also be bundled into groups for ease of administration.   Creating a ServiceGroup 1. Go to Policy & Objects > Services. 2. Select Create New. A drop down menu is displayed. Select Service Group 3. Input a Group Name to describe the services […]

UUID Support A Universally Unique Identified (UUID) attribute has been added to some firewall objects, so that the logs can record these UUID to be used by a FortiManager or FortiAnalyzer unit. The objects currently include: Addresses, both IPv4 and IPv6 Address Groups, both IPv4 and IPv6 Virtual IPs, both IPv4 and IPv6 Virtual IP […]