Al_Grant
New Member
April 17, 2019
Question

50E Policy Setup Issues

  • April 17, 2019
  • 1 reply
  • 13385 views

Hello,

I have a new Fortigate FG50E which is on a work group (no servers or AD etc).

The initial policy setup allows LAN-WAN source all, destination any, and this seems to work.

The minute I add another policy, still LAN->WAN but source is set to 1 specific IP, other IP's on the LAN are also getting blocked.

I don't know where to go beyond this to find out why.

Could someone please help.

Cheers

Al

    1 reply

    Bubu
    New Member
    April 17, 2019

    Hi,

    First, can you show us the two policies, please?

    You can also debug to find out why access is blocked:

    diagnose debug en
    diagnose debug flow filter saddr (source IP)
    diagnose debug flow filter daddr (destination IP)
    diagnose debug flow trace start 30

    Run your query

    diagnose debug disable
    diagnose debug reset

    Attach the output here.

    Regards,

    Al_Grant (Author)
    New Member
    April 17, 2019

    POLICIES:

    config firewall policy
        edit 1
            set name "No Schedule LAN to WAN"
            set uuid 0a65c1b2-5fea-51e9-f032-1a950c0607d7
            set srcintf "lan"
            set dstintf "Vodafone WAN"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set fsso disable
            set nat enable
        next
        edit 2
            set name "Scheduled No Social Media"
            set uuid a8668fac-60cd-51e9-b8fc-b0ef676b8932
            set srcintf "lan"
            set dstintf "Vodafone WAN"
            set srcaddr "Beyonce"
            set dstaddr "all"
            set action accept
            set schedule "Kids"
            set service "ALL"
            set utm-status enable
            set fsso disable
            set application-list "Kids Application Control"
            set ssl-ssh-profile "certificate-inspection"
            set nat enable
        next
    end
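    FortiGate walks the policy table in the order shown, top-down, first match. As an added example (not code from this thread or from Fortinet), the Python below parses the posted `config firewall policy` block and reports which policy a LAN host would hit; the address object `Beyonce` is mapped to a constructed IP and the `Kids` schedule's active state is passed in, since neither definition appears in the thread.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the two policies from the post, trimmed to the fields used here.
POLICY_CONFIG = """config firewall policy
    edit 1
        set name "No Schedule LAN to WAN"
        set srcintf "lan"
        set dstintf "Vodafone WAN"
        set srcaddr "all"
        set schedule "always"
    next
    edit 2
        set name "Scheduled No Social Media"
        set srcintf "lan"
        set dstintf "Vodafone WAN"
        set srcaddr "Beyonce"
        set schedule "Kids"
    next
end
"""

# Assumed address-object definition (not given in the thread): object name -> network.
ADDRESS_OBJECTS = {"Beyonce": ip_network("192.168.1.50/32")}

def parse_policies(text):
    """Parse a `config firewall policy` dump into an ordered list; list order is evaluation order."""
    policies, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"edit (\d+)$", line):
            current = {"id": int(m.group(1))}
        elif m := re.match(r"set (\S+) (.+)$", line):
            # Values are quoted strings or bare tokens; a field may carry several.
            current[m.group(1)] = [v.strip('"') for v in re.findall(r'"[^"]*"|\S+', m.group(2))]
        elif line == "next":
            policies.append(current)
    return policies

def addr_matches(names, ip):
    """'all' matches any host; a named object matches only if the IP is inside it."""
    return any(n == "all" or (n in ADDRESS_OBJECTS and ip in ADDRESS_OBJECTS[n]) for n in names)

def first_match(policies, src_ip, srcintf, dstintf, active_schedules):
    """Emulate FortiGate's top-down, first-match lookup; None means no policy matched."""
    for p in policies:
        if (srcintf in p["srcintf"] and dstintf in p["dstintf"]
                and addr_matches(p["srcaddr"], ip_address(src_ip))
                and p["schedule"][0] in active_schedules):
            return p["id"]
    return None
```

With the order as posted, every LAN host, `Beyonce` included, lands on policy 1 and policy 2 is never reached; reversing the order sends `Beyonce` to policy 2 while the schedule is active and leaves other hosts on policy 1.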

    Bubu
    New Member
    April 17, 2019

    Screenshot or in CLI "show firewall policy"

    Regards