Disable pinging DMZ to DMZ

Forum|Forum|5 years ago
February 12, 2021
1 reply
2967 views

Everything is works fantastic with the DMZ setup. DMZ => WAN (works) DMZ => DMZ (works) LAN => DMZ (works) DMZ ╪> LAN (DMZ can not see the internal network) I'm wondering if there is a way to disable a DMZ from pinging another DMZ device. So far, they can ping each other. I've so far disabled the administrative ping in the Fortigate.

I've created the following:

DMZ to DMZ DENY - From DMZ - To DMZ - Source all - Destination all - Service ALL - Action DENY

They can still ping each other. Any help would appreciated. Thanks

Best answer by emnoc

If the traffic is not flowing thru the firewall then you can't control it. Since the src and destination is within the same broadcast domain this is not handled by the layer3 device ( aka the fw )

You could enable host based firewall if the end devices support that.

Ken Felix

emnocAnswer

New Member

If the traffic is not flowing thru the firewall then you can't control it. Since the src and destination is within the same broadcast domain this is not handled by the layer3 device ( aka the fw )

You could enable host based firewall if the end devices support that.

Ken Felix

philvAuthor

New Member

That make sense. Thanks for the reply.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded