jasetcs
New Member
February 13, 2018
Question

Allow 2 applications but one to specific address?


I have a FortiGate 60E and I've set up Application Control to allow users to only use web clients and Citrix Receiver, then added Application Control to the IPv4 Policy, and it works fine.

Now I want to make it so Citrix Receiver can only go to a set group of IP addresses, but I'm unsure how to do this. Looking for any advice or pointers in the right direction.

    2 replies

    Toshi_Esumi
    SuperUser
    February 13, 2018

    You need to find out what ports Citrix Receiver uses, separate those from the existing policy, and place them above it. With the new policy you can limit the destination addresses without affecting web access.

    dmcquade
    New Member
    February 14, 2018

    Separate the policy into 2 rules. One allowing Citrix Receiver access to the specific destination IPs (You may or may not want an App Control sensor here). The other rule set up for your browsing using customized security profiles that meet your browsing needs. I recommend placing the browsing policies towards the end of the rulebase because the destination is generally all public addresses (I use the group object RFC1918 and negate the destination address field).

    HTH

    d