spidey
New Member
April 23, 2018
Question

How to implement Stealth Rule equivalent


Hi,

I would like to implement a stealth rule in a FortiGate firewall without affecting VPN, HA services and others.

I have 2 administrators that I want to allow to have ICMP, SSH and HTTPS services to the firewall, and all others are denied.

How can I safely make a rule in local-in-policy without affecting other services such as VPN?

Thank you.


    Toshi_Esumi
    SuperUser
    April 23, 2018

    As you probably already know, the parameters you can specify in local-in-policy are:

     - interface
     - source address
     - destination address
     - service
     - schedule

    If the services are not unique for what those privileged users need to be able to do, you have to tweak other parameters like src/dest addresses. It's not so easy.

    Instead I would recommend separating them by VPN groups and setting different firewall policies. They need to log on to the VPN first, then they can have special privileges.
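The local-in-policy approach the reply describes, written out as an added example (not configuration from this thread or from Fortinet); the interface name port1, the two admin host addresses and the object names are assumptions. Both rules are scoped to the PING, SSH and HTTPS services only, so VPN (IKE, ESP, SSL VPN) and HA traffic matches neither rule and is left unaffected:

```fortios
# Added example, not from the thread. Interface, addresses and names are assumptions.
config firewall address
    edit "admin1_host"
        set subnet 192.0.2.10 255.255.255.255
    next
    edit "admin2_host"
        set subnet 192.0.2.20 255.255.255.255
    next
end
config firewall addrgrp
    edit "admin_hosts"
        set member "admin1_host" "admin2_host"
    next
end
config firewall local-in-policy
    # 1: the two admins may reach the FortiGate itself on ICMP, SSH and HTTPS
    edit 1
        set intf "port1"
        set srcaddr "admin_hosts"
        set dstaddr "all"
        set service "PING" "SSH" "HTTPS"
        set schedule "always"
        set action accept
    next
    # 2: everyone else is denied those same three services only;
    #    IKE, ESP, SSL VPN and HA are not listed here, so they never match
    edit 2
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "PING" "SSH" "HTTPS"
        set schedule "always"
        set action deny
    next
end
```

Local-in policies are matched top to bottom, so the accept entry must come before the deny. The interface's allowaccess setting must still include ping, ssh and https, or the admins' traffic is dropped before the policy is consulted.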