Description
This article describes how to configure two or more firewall schedules to control when policies take effect. The schedule parameter in the policy configuration accepts only one schedule, so multiple schedules cannot be assigned to a single policy directly.
Solution
In this example, a customer needs to allow the traffic for a policy from Monday to Friday (08:00-17:30) and on Saturdays (08:00-12:00).
To achieve this, follow this procedure:
1) Create a firewall schedule from Monday to Friday (08:00-17:30).
# config firewall schedule recurring
edit "Monday_Friday"
set start 08:00
set end 17:30
set day monday tuesday wednesday thursday friday
next
end
2) Create a firewall schedule for Saturdays (08:00-12:00).
# config firewall schedule recurring
edit "weekend"
set start 08:00
set end 12:00
set day saturday
next
end
3) Configure a firewall schedule group.
# config firewall schedule group
edit Custom_Schedule
set member Monday_Friday weekend
next
end
4) Assign the schedule group to a firewall policy and position the policy at the top.
# config firewall policy
edit 1
set srcintf "Internal"
set dstintf "WAN1"
set srcaddr "Internal_users"
set dstaddr "all"
set action accept
set schedule "Custom_Schedule"
set schedule-timeout enable
set service "ALL"
set nat enable
end
5) Enable the schedule-timeout option on the firewall policy.
The schedule in a security policy allows the matching network traffic only during a specific time frame. The policy is active for that time frame, but as long as a session is open, its traffic can continue to flow. Enabling schedule-timeout forces those sessions to end when the schedule ends.