dhrenandez
New Member
November 16, 2016
Question

Firewall Rule Not Working

Hi everyone, I have these rules on my FortiGate 100D 5.2.9.
11.JPG

The first rule is giving access to those sites (ACE, Censecar, etc.) for a specific group of PCs in the local LAN range that I added via MAC, and in the 9th rule I'm saying that it should block all internet access, so if the pages are not in the first rule, block all other pages. But when I enable both rules, I don't get out to the internet, not even to the authorized pages (just in that group of PCs; everything else is working correctly). I don't know if I made myself clear. I want to give that group of PCs that I added via MAC access just to specific web pages and block everything else. In address objects I'm using the full URL as FQDN, for example www.censecar.com.mx.

Any idea would be so much appreciated.

PS: I'm not using web filter, just the policies.

1 reply

victorcreed
New Member
November 21, 2016

Hello,

I think the problem might be DNS. What DNS servers are you using for external resolution? Policy 10 lets you browse with no problems because it is fully open. Policy 1 allows you access to the sites you specified, but I'm not sure whether that includes DNS resolution. If DNS is not allowed in policy 1, then policy 9 will be blocking all DNS traffic.

To test whether DNS is the problem, try this. Below policy 1, create a new policy:

Source interface: lan
Destination interface: wan-load-balance
Source: all
Destination: all
Service: DNS

Then enable policy 1 and the blocking policy (which would be policy 10 after you add the DNS test policy above).
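The following is an added example, not code from either poster or from Fortinet: a toy first-match policy evaluator that models the table described in the thread (policy 1 allow-sites, policy 9 deny-all for the MAC group, policy 10 allow-all) and shows why a browser session fails when its DNS lookup falls through to the deny rule. The group name, the resolver address 203.0.113.53, the site list beyond www.censecar.com.mx and the sequence numbers are constructed assumptions; real FortiGate FQDN objects match the resolved IPs rather than the hostname string, which this toy simplifies.

```python
"""Toy model of FortiGate first-match policy lookup (added example, not
the poster's config). It reproduces the thread's symptom: a client whose
DNS queries hit the deny policy cannot reach even the allowed sites."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    seq: int               # position in the table; first match wins
    src_iface: str
    dst_iface: str
    src: frozenset         # source address objects; {"all"} matches anything
    dst: frozenset         # destination objects (FQDN names here); {"all"} matches anything
    service: frozenset     # service objects; {"ALL"} matches anything
    action: str            # "accept" or "deny"


@dataclass(frozen=True)
class Flow:
    src_iface: str
    dst_iface: str
    src: str
    dst: str
    service: str


def _covers(objects, value):
    """An address/service object set matches a value if it is the wildcard or contains it."""
    return "all" in objects or "ALL" in objects or value in objects


def match(policy, flow):
    return (policy.src_iface == flow.src_iface
            and policy.dst_iface == flow.dst_iface
            and _covers(policy.src, flow.src)
            and _covers(policy.dst, flow.dst)
            and _covers(policy.service, flow.service))


def evaluate(policies, flow):
    """Walk the table top-down; return (action, seq) of the first match, else the implicit deny."""
    for policy in policies:
        if match(policy, flow):
            return policy.action, policy.seq
    return "deny", "implicit"


# Constructed objects: the MAC-based PC group and the allowed FQDNs from the thread.
PC_GROUP = "mac-group-pcs"                      # hypothetical group name
RESOLVER = "203.0.113.53"                       # hypothetical external DNS server
ALLOWED_SITES = frozenset({"www.censecar.com.mx", "www.ace.example"})  # second entry is a placeholder


def P(seq, src, dst, service, action):
    """Shortcut for a lan -> wan-load-balance policy, the interfaces named in the reply."""
    return Policy(seq, "lan", "wan-load-balance", frozenset(src), frozenset(dst), frozenset(service), action)


# The table as described in the question: web access to the sites, then deny-all, then open.
BROKEN = [
    P(1, {PC_GROUP}, ALLOWED_SITES, {"HTTP", "HTTPS"}, "accept"),
    P(9, {PC_GROUP}, {"all"}, {"ALL"}, "deny"),
    P(10, {"all"}, {"all"}, {"ALL"}, "accept"),
]

# The reply's test: a DNS-only policy directly below policy 1 (deny-all shifts to position 10).
FIXED = [
    P(1, {PC_GROUP}, ALLOWED_SITES, {"HTTP", "HTTPS"}, "accept"),
    P(2, {"all"}, {"all"}, {"DNS"}, "accept"),
    P(10, {PC_GROUP}, {"all"}, {"ALL"}, "deny"),
    P(11, {"all"}, {"all"}, {"ALL"}, "accept"),
]


def browse(policies, client, host, resolver=RESOLVER):
    """What a client experiences when opening a site: DNS lookup first, then HTTPS.
    If the lookup is denied the browser never sends the web request at all."""
    dns = evaluate(policies, Flow("lan", "wan-load-balance", client, resolver, "DNS"))
    if dns[0] != "accept":
        return {"dns": dns, "web": ("not attempted", None)}
    web = evaluate(policies, Flow("lan", "wan-load-balance", client, host, "HTTPS"))
    return {"dns": dns, "web": web}


if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "allowed site:", browse(table, PC_GROUP, "www.censecar.com.mx"))
        print(name, "other site:  ", browse(table, PC_GROUP, "www.not-allowed.example"))
        print(name, "other PC:    ", browse(table, "other-pc", "www.not-allowed.example"))
```

Running it shows the deny policy (seq 9) catching the DNS query in the broken table, so the web request is never attempted, while in the fixed table the lookup matches the DNS policy, the allowed site matches policy 1, and everything else from the group still lands on the deny rule.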