idale
New Contributor

Ordering of Firewall Rules and Rule Grouping

I understand that firewall rules are processed from top to bottom and packets that are not matched to any rules are denied (assuming that is what your last rule does).

My question is whether there are any guidelines for rule ordering based on the rule being processed? For instance, should rules containing NAT translation be placed at the top? What about rules processing inbound internet traffic?

Finally, can sequence groups be nested?

Regards,

Ian

2 REPLIES
Toshi_Esumi
Esteemed Contributor III

I don't quite understand what you're asking exactly. But the policies are stacked up based on source/destination interface pair. The order of inbound policies wouldn't affect the order of outbound policies. Generally, the most specific one comes to the top regardless of whether NAT is on or off.
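
The first-match, per-interface-pair ordering described in this reply can be checked mechanically for rules that a broader rule above them hides. This is an added example, not part of the original thread and not Fortinet code; the policy fields and sample values are constructed, and a port range stands in for the service.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample policies in top-to-bottom sequence order.
# Field names are assumptions for this example, not an export format.
POLICIES = [
    {"id": 1, "srcintf": "lan", "dstintf": "wan", "src": "10.0.0.0/8",
     "dst": "0.0.0.0/0", "ports": (1, 65535), "action": "accept"},
    {"id": 2, "srcintf": "lan", "dstintf": "wan", "src": "10.1.2.0/24",
     "dst": "0.0.0.0/0", "ports": (25, 25), "action": "deny"},
    {"id": 3, "srcintf": "wan", "dstintf": "dmz", "src": "0.0.0.0/0",
     "dst": "192.0.2.10/32", "ports": (443, 443), "action": "accept"},
    {"id": 4, "srcintf": "wan", "dstintf": "dmz", "src": "0.0.0.0/0",
     "dst": "192.0.2.0/24", "ports": (1, 65535), "action": "deny"},
]

def covers(broad, narrow):
    """True if every packet matching `narrow` also matches `broad`."""
    return (ip_network(narrow["src"]).subnet_of(ip_network(broad["src"]))
            and ip_network(narrow["dst"]).subnet_of(ip_network(broad["dst"]))
            and broad["ports"][0] <= narrow["ports"][0]
            and narrow["ports"][1] <= broad["ports"][1])

def find_shadowed(policies):
    """Return (shadowed_id, shadowing_id, actions_differ) for unreachable rules."""
    stacks = defaultdict(list)
    for p in policies:
        # Each interface pair has its own stack; list order is kept inside it.
        stacks[(p["srcintf"], p["dstintf"])].append(p)
    findings = []
    for stack in stacks.values():
        for i, later in enumerate(stack):
            for earlier in stack[:i]:
                if covers(earlier, later):
                    # First match wins, so `later` never sees any traffic.
                    findings.append((later["id"], earlier["id"],
                                     earlier["action"] != later["action"]))
                    break
    return findings

if __name__ == "__main__":
    for shadowed, by, differ in find_shadowed(POLICIES):
        note = "actions differ" if differ else "redundant"
        print(f"policy {shadowed} is shadowed by policy {by} ({note})")
```

Policy 2 (the SMTP deny for one subnet) is reported because the broader accept sits above it in the same lan-to-wan stack; policies 3 and 4 are already in most-specific-first order, and the wan-to-dmz stack is evaluated independently of lan-to-wan.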

idale

Toshi,

Firstly, thanks for the response.

My understanding is that the firewall rules are ordered based on the order you decide, correct?

Ian