To create a FortiGate firewall policy that is active for a specific duration each day (e.g., 1 hour per day), you can use Schedules. FortiGate provides two types of schedules: Recurring and One-Time. For your use case, you will need a Recurring Schedule.
Here’s how to configure it:
Step 1: Create a Recurring Schedule
Log in to your FortiGate web interface.
Go to Policy & Objects > Schedules.
Click Create New.
Configure the following:
Name: Enter a descriptive name (e.g., Daily_1Hour_Schedule).
Type: Select Recurring.
Recurring Period: Select the day(s) and time(s) when the policy should be active (e.g., every day from 14:00 to 15:00).
Click OK.
Step 2: Create a Firewall Policy
Go to Policy & Objects > IPv4 Policy (or IPv6 Policy, if applicable).
Click Create New.
Configure the following:
Name: Enter a descriptive name for the policy.
Incoming Interface: Select the interface where traffic originates.
Outgoing Interface: Select the interface where traffic is destined.
Source/Destination: Define the source and destination addresses.
Schedule: Select the recurring schedule you created (Daily_1Hour_Schedule).
Service: Specify the allowed services (e.g., HTTP, HTTPS, All).
Action: Select Accept.
Configure logging and inspection profiles as needed.
Click OK.
Step 3: Test and Verify
Check if the policy is active only during the specified time.
During the active period, ensure the traffic matches the policy.
Outside the active period, verify that the policy does not allow traffic.
Key Points to Note
Recurring Schedules automatically reset every day based on the configured time.
If you want a policy to be active for multiple separate periods (e.g., 1 hour in the morning and 1 hour in the evening), you can define multiple time slots in the same recurring schedule.
Ensure the order of the policy in the policy list is appropriate. Firewall policies are evaluated top-down, and the first match is applied.
