Can't Block mobile traffice LAN to LAN FortiGate 80E

Forum|Forum|7 years ago
March 28, 2019
1 reply
4041 views

Hi, I have an updated FortiGate 80E which I used for 7 months for blocking traffic from my LAN to WAN port (from inside of the network, to the gateway) an I recently switched from using my gateway as dhcp server to windows dhcp server, which connects directly to the fortigate lan11 port (I have the main network switch connected to lan12) and I wanted to block all the traffic from lan to lan over the fortigate using IPv4 policy (from mobile devices, all addresses, to the windows dhcp server, block all traffic), but I couldn't, and nothing happend. I don't have web filtering account or forticare (no subscription). how can I block the traffic rightly? thanks.

Dave_Hall

New Member

The fgt's primary role is to act as an edge router/security device, sitting on the edge of your internal network to the WAN or Internet. It can only block/restrict traffic that goes over an interface (e..g. LAN -> WAN). (If you are using FortiAPs then it may be possible to whitelist wifi clients by mac address.)

Are you trying to block all wifi devices from connecting to your internal network? What's stopping you from creating a separate subnet for wifi devices only?

rwpatterson

New Member

One way to make this work would be to put the server on a different subnet/port. This way all traffic would have to cross the Fortigate and be acted upon using policies.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded