netrider
New Member
November 23, 2022
Solved

Cannot specify allow and deny ports at the same time for a server in policies

  • November 23, 2022
  • 1 reply
  • 2607 views

Hi, we have a FortiGate 61E (OS version 7.0.7 build0367 feature) in our organization. At a time, we can only allow or deny a port in the firewall policies for a server, but we cannot specify both at once (example: allow 80 and deny 1433/1434).


FortiGate 

Best answer by akristof

1 reply

jintrah_FTNT
Staff
November 23, 2022

Hi,


When you allow 80, only that port is allowed, right? The rest is already denied by the implicit deny rule.

best regards,

Jin

netrider (Author)
New Member
November 24, 2022

Yes, that is right, but I want to do that for more security. Is there any option to do that, like other vendors' firewalls? Also, I want to know whether I can monitor traffic when the bundle subscription has expired.

akristof (Answer)
Staff
November 24, 2022

Hello,

No, FortiGate allows only one action per firewall policy. So you would need two firewall policies: a first that allows the ports and a second that denies the ports. FortiGate always evaluates policies from top to bottom, so order is important.

Yes, you will be able to monitor traffic after your subscription expires; at least you will be able to log traffic locally (you have a disk) and even send it to syslog. FortiView will also work.
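Worked example added by the editor (not code from the thread or from Fortinet): a small Python model of the top-to-bottom, first-match policy evaluation that both staff replies rely on, including the implicit deny jintrah mentions and the ordering dependency akristof points out. The host 192.0.2.10, the policy names and the "Allow-All" policy are constructed for illustration; the `shadowed` check is the editor's addition and is not a FortiOS feature.

```python
# Added example (editor's own, not from the thread or from Fortinet): a model of
# the first-match, top-to-bottom evaluation a FortiGate applies to its policy
# table, ending in the implicit deny. The host 192.0.2.10, the policy names and
# the port sets are constructed for illustration.
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class Policy:
    name: str
    action: str                          # "accept" or "deny"
    dst: str = ANY                       # destination host, or ANY
    proto: str = ANY                     # "tcp", "udp", or ANY
    ports: frozenset = frozenset()       # empty set = every port

    def matches(self, dst, proto, port):
        return ((self.dst == ANY or self.dst == dst)
                and (self.proto == ANY or self.proto == proto)
                and (not self.ports or port in self.ports))

    def covers(self, other):
        """True if every flow matching `other` also matches self, i.e.
        `other` can never fire when it is placed below self."""
        return ((self.dst == ANY or self.dst == other.dst)
                and (self.proto == ANY or self.proto == other.proto)
                and (not self.ports
                     or (other.ports and other.ports <= self.ports)))


def evaluate(policies, dst, proto, port):
    """Return (action, policy_name) for the first matching policy, or
    ("deny", "implicit-deny") when nothing in the table matched."""
    for p in policies:
        if p.matches(dst, proto, port):
            return p.action, p.name
    return "deny", "implicit-deny"


def shadowed(policies):
    """Names of policies that some policy above them already covers."""
    out = []
    for i, later in enumerate(policies):
        if any(earlier.covers(later) for earlier in policies[:i]):
            out.append(later.name)
    return out


SERVER = "192.0.2.10"   # constructed address standing in for the server
ALLOW_HTTP = Policy("Allow-HTTP", "accept", SERVER, "tcp", frozenset({80}))
DENY_MSSQL = Policy("Deny-MSSQL", "deny", SERVER, "tcp", frozenset({1433, 1434}))
ALLOW_ALL = Policy("Allow-All-To-Server", "accept", SERVER)   # hypothetical


def verdicts(policies, ports=(80, 1433, 1434, 22)):
    """Action taken for TCP to SERVER on each port under a given policy order."""
    return {port: evaluate(policies, SERVER, "tcp", port)[0] for port in ports}


if __name__ == "__main__":
    # Two policies, as the accepted answer describes: allow 80, deny 1433/1434.
    # Because the port sets do not overlap, either order gives the same result.
    for order in ([ALLOW_HTTP, DENY_MSSQL], [DENY_MSSQL, ALLOW_HTTP]):
        print([p.name for p in order], verdicts(order))
    # With a broad accept above it the explicit deny never fires: order matters.
    print(verdicts([ALLOW_ALL, DENY_MSSQL]), shadowed([ALLOW_ALL, DENY_MSSQL]))
    print(verdicts([DENY_MSSQL, ALLOW_ALL]), shadowed([DENY_MSSQL, ALLOW_ALL]))
```

The practical difference between the explicit deny and the implicit deny is visibility: in this model `evaluate` reports which policy matched, and on the FortiGate a deny policy only produces a log entry when it has `set logtraffic all`, so the second policy is what makes blocked 1433/1434 attempts show up in FortiView and syslog rather than vanishing into the implicit deny.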