Config firewall policy

Forum|Forum|8 years ago
January 27, 2018
1 reply
6243 views

Hi guys,

New in using Fortinet firewall and getting familiar with configurations. 2 VIPs configured for external proxy and this has been configured under config firewall policy as dstaddr. I would like to know what does the dstaddr means is there are 2 two objects stated.

edit 11 set srcintf " internal" set dstintf " wan1 " set srcaddr " any" set dstaddr "VIP1""VIP2 "

set action accept

Thanks in advance

emnoc

New Member

The word dstaddr means "destination address", in this case it's the 2x VIPS that where configured

Ken

gnawstiAuthor

New Member

Thank you for the reply.

How will be the operation when there are two dstaddr, primary/secondary? It is good to clarify.

emnoc

New Member

NO that does not do that or work in that way, that's a fwpolicy, it looks at the VIP1 or VIP2 addres being allowed by that policy, nothing more. If traffic matches VIP1 or VIP2 address it will pass ( depending on the fwpolicy action of "accept" in your example )

Multiple src or dst addr applied to a fwpolicy reduce the total amount of rules and management. It can simplify design.

You could have more or less methods of achieving the same outcome;

examples

config firewall policy

edit 11 set srcintf " internal" set dstintf " wan1 " set srcaddr " any" set dstaddr "VIP2" set action accept blah blah blah

next

edit 12 set srcintf " internal" set dstintf " wan1 " set srcaddr " any" set dstaddr "VIP1"" set action accept blah blah blah

config firewall vipgrp

edit myvips

set member VIP1 VIP2

end

config firewall policy

edit 13 set srcintf " internal" set dstintf " wan1 " set srcaddr " any" set dstaddr myvips set action accept blah blah blah

Ken

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded