I understand that firewall rules are processed from top to bottom and packets that are not matched to any rules are denied (assuming that is what your last rule does).
My question is whether there are any guidelines for rule ordering based on the rule being processed? For instance, should rules containing NAT translation be placed at the top? What about rules processing inbound internet traffic?
Finally, can sequence groups be nested?
Regards,
Ian
I don't quite understand what you're asking exactly. But the policies are stacked up based on source/destination interface pair. The order of inbound policies wouldn't affect the order of outbound policies. Generally, the most specific one comes at the top regardless of whether NAT is on or off.
Toshi,
Firstly thanks for the response.
My understanding is that the firewall rules are ordered based on the order you decide, correct?
Ian
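The ordering advice in the reply above (evaluation per source/destination interface pair, most specific policy first) can be checked mechanically. The following is an added example, not part of the thread and not Fortinet code: it uses a simplified policy model with hypothetical field names, assumes an implicit deny when nothing matches, and flags policies that can never match because an earlier, broader policy on the same interface pair covers them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:              # simplified model; field names are hypothetical
    name: str
    srcintf: str
    dstintf: str
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    ports: frozenset       # empty set means "any port"
    action: str

def covers(a, b):
    """True if policy a matches every packet that policy b matches."""
    return ((a.srcintf, a.dstintf) == (b.srcintf, b.dstintf)
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (not a.ports or (bool(b.ports) and b.ports <= a.ports)))

def first_match(policies, srcintf, dstintf, src, dst, port):
    """Top-to-bottom evaluation; only policies on the same interface pair apply."""
    for p in policies:
        if ((p.srcintf, p.dstintf) == (srcintf, dstintf)
                and ip_address(src) in ip_network(p.src)
                and ip_address(dst) in ip_network(p.dst)
                and (not p.ports or port in p.ports)):
            return p.name, p.action
    return None, "deny"    # assumed implicit deny at the bottom

def shadowed(policies):
    """(later, earlier) pairs where the later policy can never be reached."""
    found = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed sample rule set (documentation address ranges, not real hosts).
ANY = frozenset()
BAD_ORDER = [
    Policy("lan-any-out", "lan", "wan", "10.0.0.0/8", "0.0.0.0/0", ANY, "accept"),
    Policy("block-smtp", "lan", "wan", "10.0.5.0/24", "0.0.0.0/0", frozenset({25}), "deny"),
    Policy("web-in", "wan", "dmz", "0.0.0.0/0", "192.0.2.10/32", frozenset({443}), "accept"),
]
GOOD_ORDER = [BAD_ORDER[1], BAD_ORDER[0], BAD_ORDER[2]]
```

With the broad `lan-any-out` policy first, the SMTP block is reported as shadowed and never takes effect; moving the specific policy above it fixes the outbound result without changing how the `wan` to `dmz` policy is evaluated.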
Copyright 2024 Fortinet, Inc. All Rights Reserved.