I understand that firewall rules are processed from top to bottom and packets that are not matched to any rules are denied (assuming that is what your last rule does).
My question is whether there are any guidelines for rule ordering based on the rule being processed? For instance, should rules containing NAT translation be placed at the top? What about rules processing inbound internet traffic?
Finally can sequence groups be nested?
Regards,
Ian
I don't quite understand what you're asking exactly. But the policies are stacked up based on source/destination interface pair. The order of inbound policies wouldn't affect the order of outbound policies. Generally the most specific one comes to the top, regardless of whether NAT is on or off.
Toshi,
Firstly thanks for the response.
My understanding is that the firewall rules are ordered based on the order you decide, correct?
Ian
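The two points in Toshi's reply (policies are evaluated first-match within a source/destination interface pair, so inbound order never affects outbound lookups, and a more specific policy must sit above a broader one or it can never match) can be checked with a small model. This is an added example, not code from the thread or from Fortinet; the policy IDs, interfaces, addresses and services are constructed.

```python
from ipaddress import ip_network

# Constructed policy table, listed in the order an administrator entered it.
# service=None stands for "ALL"; the first matching policy decides the action.
POLICIES = [
    dict(id=1, src_intf="wan1", dst_intf="lan", src="0.0.0.0/0", dst="10.0.0.10/32",
         service=443, action="accept", nat=False),
    dict(id=2, src_intf="lan", dst_intf="wan1", src="10.0.0.0/24", dst="0.0.0.0/0",
         service=None, action="accept", nat=True),
    # Meant to block SSH from one host, but it sits below the broader policy 2.
    dict(id=3, src_intf="lan", dst_intf="wan1", src="10.0.0.50/32", dst="0.0.0.0/0",
         service=22, action="deny", nat=False),
]

def _covers(policy, src_intf, dst_intf, src, dst, service):
    """True if the policy's interface pair, address objects and service cover the tuple."""
    return ((policy["src_intf"], policy["dst_intf"]) == (src_intf, dst_intf)
            and ip_network(src).subnet_of(ip_network(policy["src"]))
            and ip_network(dst).subnet_of(ip_network(policy["dst"]))
            and policy["service"] in (None, service))

def lookup(policies, src_intf, dst_intf, src_ip, dst_ip, service):
    """First-match evaluation for one packet. Returns (policy id, action);
    (None, "deny") models the implicit deny at the end of the list."""
    for p in policies:
        if _covers(p, src_intf, dst_intf, src_ip + "/32", dst_ip + "/32", service):
            return p["id"], p["action"]
    return None, "deny"

def shadowed(policies):
    """Return (later_id, earlier_id) pairs where an earlier policy in the same
    interface pair is at least as broad in source, destination and service,
    so the later policy can never be reached."""
    found = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if _covers(earlier, later["src_intf"], later["dst_intf"],
                       later["src"], later["dst"], later["service"]):
                found.append((later["id"], earlier["id"]))
    return found

if __name__ == "__main__":
    print(lookup(POLICIES, "lan", "wan1", "10.0.0.50", "203.0.113.5", 22))  # (2, 'accept')
    print(shadowed(POLICIES))  # [(3, 2)]: the deny is unreachable as listed
```

Moving policy 3 above policy 2 makes the deny take effect for that host, while the position of the wan1-to-lan policy 1 changes nothing for lan-to-wan1 traffic.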
Copyright 2025 Fortinet, Inc. All Rights Reserved.