Olala1389
New Member
October 27, 2020
Solved

Fortigate 100F. Exception in an address object


Hello all,

I want to let subnet 10.0.0.0/8 out to the internet, however, I want to filter out 10.1.100.0/24. How do I do it in my 100F? Sorry, moved to Fortigate from a different product.


    Toshi_Esumi
    SuperUser
    October 27, 2020

    Create a deny policy for 10.1.100.0/24 then place it above a policy to allow 10.0.0.0/8.

    Olala1389 (Author)
    New Member
    October 29, 2020

    Thank you for the solution! In Barracuda it was all in one rule, was hoping for something like that.

    Toshi_Esumi
    SuperUser
    October 29, 2020

    If it were simply negate 10.1.100.0/24 then the rest were allowed, you could use a negate address like in the KB. But one policy doesn't seem to have a negate and normal addresses. So you still need to have two policies anyway.

    But even if they can co-exist in one policy, the FW would operate exactly the same way with two policies. So I don't see much benefit operation-wise. I think that's why they haven't added the feature yet. Nor strong demands.
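
The two-policy approach from the accepted answer, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The address object names, the policy IDs 101 and 102, the interface names "internal" and "wan1", and NAT on the allow policy are all assumptions to adapt to the actual unit.

```fortios
# Address objects for the exception and for the wider range (names are assumed).
config firewall address
    edit "blocked-10.1.100.0_24"
        set subnet 10.1.100.0 255.255.255.0
    next
    edit "lan-10.0.0.0_8"
        set subnet 10.0.0.0 255.0.0.0
    next
end

config firewall policy
    # Deny the exception. Policy ID 101 is an assumed unused ID.
    edit 101
        set name "deny-10.1.100-to-internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "blocked-10.1.100.0_24"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action deny
        # Log the denied sessions so blocked hosts are visible in traffic logs.
        set logtraffic all
    next
    # Allow the rest of 10.0.0.0/8. Policy ID 102 is an assumed unused ID.
    edit 102
        set name "allow-10.0.0.0-to-internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "lan-10.0.0.0_8"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action accept
        set nat enable
    next
    # Policies match top-down by position in the list, not by ID.
    # Run this if the allow policy ended up above the deny policy.
    move 101 before 102
end
```

If the allow policy sits above the deny policy, traffic from 10.1.100.0/24 matches the 10.0.0.0/8 source first and is permitted, so confirm the sequence in the policy list after any later edits.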