Security policies define which sessions match one or more rules in a set, and the actions the FortiGate unit performs on them. The elements that a FortiGate checks include:
Source Interface/Zone
Source Address
Destination Interface/Zone
Destination Address
Schedule and time of the session's initiation
Service and the packet's port numbers
UTM profiles
Based on the policies, a packet can be accepted or denied. Security policies are managed by navigating to the Policy | Policy | Policy menu. In the following screenshot we can see the screen used to edit a security policy:
After we have defined a firewall policy, it will look like the following screenshot. Inside a single firewall policy, the controls are applied in the order we have selected. Firewall policies are evaluated in order from top to bottom, and the action applied to a packet is the one specified by the first rule that matches it.
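Because the first match decides, a broad policy placed above a narrower one can make the narrower one unreachable. The following is an added example, not FortiGate code or code from the original text: it models top-to-bottom evaluation over a subset of the matching elements listed above and reports such shadowed policies. The field names, the sample rule set, and the treatment of an unmatched session as denied under policy 0 are assumptions of this sketch.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    pid: int
    srcintf: str
    srcaddr: str   # CIDR
    dstintf: str
    dstaddr: str   # CIDR
    hours: range   # schedule: hours of day the policy is active
    ports: range   # service: destination ports
    action: str    # "accept" or "deny"

def matches(p, srcintf, src, dstintf, dst, hour, port):
    return (p.srcintf in ("any", srcintf) and p.dstintf in ("any", dstintf)
            and ip_address(src) in ip_network(p.srcaddr)
            and ip_address(dst) in ip_network(p.dstaddr)
            and hour in p.hours and port in p.ports)

def evaluate(policies, *session):
    """Walk the list top to bottom; the first matching policy decides."""
    for p in policies:
        if matches(p, *session):
            return p.pid, p.action
    return 0, "deny"  # assumption: a session matching no policy is denied

def covers(a, b):
    """True if every session that matches b also matches a."""
    return (a.srcintf in ("any", b.srcintf) and a.dstintf in ("any", b.dstintf)
            and ip_network(b.srcaddr).subnet_of(ip_network(a.srcaddr))
            and ip_network(b.dstaddr).subnet_of(ip_network(a.dstaddr))
            and set(b.hours) <= set(a.hours) and set(b.ports) <= set(a.ports))

def shadowed(policies):
    """(later, earlier) pairs where the later policy can never be reached."""
    return [(p.pid, q.pid) for i, p in enumerate(policies)
            for q in policies[:i] if covers(q, p)]

# Constructed sample rule set, listed in evaluation order.
ALL_DAY, ANY_PORT = range(24), range(1, 65536)
POLICIES = [
    Policy(1, "lan", "10.0.0.0/8", "wan", "0.0.0.0/0", ALL_DAY, ANY_PORT, "accept"),
    Policy(2, "lan", "10.0.5.0/24", "wan", "0.0.0.0/0", ALL_DAY, range(23, 24), "deny"),
    Policy(3, "dmz", "172.16.0.0/24", "wan", "0.0.0.0/0", range(8, 18), range(443, 444), "accept"),
]
TELNET = ("lan", "10.0.5.9", "wan", "203.0.113.7", 10, 23)  # constructed session

print(evaluate(POLICIES, *TELNET), shadowed(POLICIES))
```

In the sample set the Telnet deny (policy 2) never takes effect until it is moved above the broad accept (policy 1).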