What objects can be used to match a policy on FortiGates?
A review of the criteria a FortiGate takes into consideration when matching traffic with a firewall policy.
Today's topic is a quick (but important!) one: which characteristics does a FortiGate firewall look at when deciding which firewall policy the first packet of a new session matches? Only that first packet goes through policy lookup; the rest of the session is handled from the session table.
- Incoming Interface - The interface the packet arrived on.
- Outgoing Interface - The interface the packet will leave on, as determined by the route lookup. Routing is resolved before policy lookup, which is why a policy can match on the egress interface at all.
- Source - The address object (IP, subnet, range, FQDN or geography), user/user group, or Internet Service Database (ISDB) entry the traffic is coming from.
- Destination - The address object or Internet Service entry the traffic is going to. Users are a source-side criterion only.
- Schedule - The day(s) and time window during which the policy is active. Traffic arriving outside the schedule does not match this policy and falls through to the next one.
- Service - The protocol (TCP, UDP, ICMP, etc.) and destination port(s), for example HTTPS (TCP/443).
Policies are evaluated top-down and the first policy whose criteria all match wins, so ordering matters: a broad policy above a narrow one will shadow it. Once FortiGate finds a match, the next steps depend on the action of that policy. If the action is "Deny", the session is dropped. If the action is "Accept", the FortiGate allows the session and applies whatever else is configured on the policy (NAT, security profiles, logging, and so on). If no policy matches, the implicit deny policy at the bottom of the list (policy ID 0) drops the traffic.
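To make the lookup concrete, here is a small simulation of the matching logic described above: a route lookup picks the outgoing interface first, then policies are walked top-down against all six criteria and the first match wins, with an implicit deny (ID 0) at the end. This is an added illustration written for this post, not Fortinet code or the actual FortiOS implementation; the routing table, policy table, interface names and addresses are constructed for the example.

```python
"""Simulation of FortiGate-style policy lookup (added example, not FortiOS code).

Routing is resolved before the policy lookup, policies are evaluated top-down,
the first full match wins, and anything unmatched hits the implicit deny (ID 0).
All routes, policies and packets below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed routing table: (prefix, outgoing interface). Longest prefix wins.
ROUTES = [
    (ip_network("10.0.0.0/8"), "port2"),      # internal LAN
    (ip_network("172.16.5.0/24"), "port3"),   # DMZ
    (ip_network("0.0.0.0/0"), "wan1"),        # default route
]


def egress_interface(dst: str) -> str:
    """Route lookup: longest-prefix match over ROUTES for the destination."""
    ip = ip_address(dst)
    best = max((r for r in ROUTES if ip in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]


@dataclass
class Policy:
    policyid: int
    srcintf: set        # incoming interfaces; {"any"} matches all
    dstintf: set        # outgoing interfaces (from the route lookup)
    srcaddr: list       # ip_network objects; [0.0.0.0/0] stands for "all"
    dstaddr: list
    service: set        # {(proto, port)}; port None = any port; ("any", None) = ALL
    schedule: tuple     # (weekdays 0=Mon, start_hour, end_hour) or None = always
    action: str         # "accept" or "deny"


@dataclass
class Packet:
    srcintf: str
    src: str
    dst: str
    proto: str
    dport: int
    when: datetime


def _intf_match(allowed: set, intf: str) -> bool:
    return "any" in allowed or intf in allowed


def _addr_match(nets: list, ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in n for n in nets)


def _service_match(services: set, proto: str, dport: int) -> bool:
    return any(p in ("any", proto) and (port is None or port == dport)
               for p, port in services)


def _schedule_match(schedule, when: datetime) -> bool:
    if schedule is None:
        return True
    days, start, end = schedule
    return when.weekday() in days and start <= when.hour < end


def lookup(policies: list, pkt: Packet) -> tuple:
    """Top-down policy lookup; returns (policy ID, action). 0 is the implicit deny."""
    dstintf = egress_interface(pkt.dst)
    for p in policies:
        if (_intf_match(p.srcintf, pkt.srcintf) and _intf_match(p.dstintf, dstintf)
                and _addr_match(p.srcaddr, pkt.src) and _addr_match(p.dstaddr, pkt.dst)
                and _service_match(p.service, pkt.proto, pkt.dport)
                and _schedule_match(p.schedule, pkt.when)):
            return p.policyid, p.action
    return 0, "deny"


ALL = [ip_network("0.0.0.0/0")]
BUSINESS_HOURS = ({0, 1, 2, 3, 4}, 8, 18)   # Mon-Fri 08:00-18:00

# Constructed policy table, in evaluation order.
POLICIES = [
    Policy(1, {"port2"}, {"wan1"}, [ip_network("10.0.0.0/8")], ALL,
           {("tcp", 80), ("tcp", 443)}, BUSINESS_HOURS, "accept"),
    Policy(2, {"port2"}, {"wan1"}, [ip_network("10.0.0.0/8")], ALL,
           {("any", None)}, None, "deny"),            # explicit catch-all for LAN->WAN
    Policy(3, {"wan1"}, {"port3"}, ALL, [ip_network("172.16.5.10/32")],
           {("tcp", 443)}, None, "accept"),           # published DMZ web server
]


def decide(srcintf: str, src: str, dst: str, proto: str, dport: int, when_iso: str) -> tuple:
    """Convenience wrapper: build a Packet from plain values and run the lookup."""
    pkt = Packet(srcintf, src, dst, proto, dport, datetime.fromisoformat(when_iso))
    return lookup(POLICIES, pkt)


if __name__ == "__main__":
    print(decide("port2", "10.1.1.5", "8.8.8.8", "tcp", 443, "2024-06-11T10:00"))  # (1, 'accept')
    print(decide("port2", "10.1.1.5", "8.8.8.8", "tcp", 443, "2024-06-11T22:00"))  # (2, 'deny')
    print(decide("wan1", "203.0.113.7", "172.16.5.10", "tcp", 22, "2024-06-11T10:00"))  # (0, 'deny')
```

Note how the same HTTPS flow from the LAN is accepted by policy 1 during business hours but falls through to policy 2 after hours because the schedule no longer matches, and how inbound SSH to the DMZ host matches nothing and lands on the implicit deny. Swapping the order of policies 1 and 2 would make policy 2 shadow policy 1 entirely, which is the ordering mistake to watch for on a real FortiGate.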
For more information, check out the following resources:
