Lamster
New Member
November 7, 2018
Question

Internet Service as source

  • November 7, 2018
  • 1 reply
  • 8748 views

I'm trying to configure an IPv4 policy on the WAN interface where the source address is an Internet Service, but the services are only available as a destination address. I can't trick the firewall by reversing the rule, so I'm running out of ideas. In the CLI I can apply the service, but it only applies as a destination address. Is it even possible to use Internet Services as source?

The firewall is FortiGate 201E running v5.6.5.

Thanks.

1 reply

Dave_Hall
New Member
November 7, 2018

Hi Stefan.

Can you clarify or provide more details on what you are trying to do? Sounds like what you want is a port forward from outside (Internet side) directed to a port (and IP) on the inside behind your fgt.

Lamster (Author)
New Member
November 7, 2018

My customer is running their incoming email through Office 365 before sending it to locally hosted servers. The local servers have virtual IPs configured and I have a policy configured with source 'all' and the protocols needed. However, the customer wants me to restrict the source to be Microsoft servers instead of anyone, since all mail will source from Office 365 and there shouldn't be anyone else communicating on these protocols.

Dave_Hall
New Member
November 7, 2018

According to the subreddit post from a year ago, it doesn't look like you can set the source to "internet service". Though there are suggested workarounds and/or going the extra mile to craft IP group/FQDN lists.

https://www.reddit.com/r/...u0g/o365_to_fortigate/

And of course there will be hardcoded limits in the number of firewall objects.

http://help.fortinet.com/fgt/56/max-values/5-6-5/max-values.html
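
The IP-group workaround mentioned in the reply above, as an added example that is not part of the original thread: a script that merges a list of source ranges into as few IPv4 networks as possible, checks the count against a limit, and emits FortiOS CLI for the address objects and the group. The ranges are constructed documentation addresses, not real Office 365 ranges, and the object names and the `max_members` value are assumptions; take the real limit for your model from the max-values table.

```python
import ipaddress

# Constructed sample ranges (RFC 5737/3849 documentation space), NOT real Office 365 ranges.
SAMPLE_RANGES = [
    "198.51.100.0/25",
    "198.51.100.128/25",   # adjacent to the line above: merges into one /24
    "203.0.113.0/24",
    "203.0.113.64/26",     # already covered by the /24 above
    "192.0.2.10/32",
    "2001:db8::/32",       # IPv6 is skipped: the thread is about an IPv4 policy
]

def collapse_ipv4(cidrs):
    """Parse CIDR strings, drop IPv6, and merge overlapping/adjacent networks."""
    nets = [ipaddress.ip_network(c.strip(), strict=False) for c in cidrs if c.strip()]
    v4 = [n for n in nets if n.version == 4]
    return list(ipaddress.collapse_addresses(v4))

def build_config(cidrs, group="O365-SMTP-SRC", prefix="o365-", max_members=None):
    """Return FortiOS CLI text: one address object per network plus one group.

    group, prefix and max_members are hypothetical values chosen for this example.
    """
    nets = collapse_ipv4(cidrs)
    if max_members is not None and len(nets) > max_members:
        raise ValueError(f"{len(nets)} objects exceed the group limit of {max_members}")
    names = [f"{prefix}{n.network_address}_{n.prefixlen}" for n in nets]
    lines = ["config firewall address"]
    for name, n in zip(names, nets):
        lines += [f'    edit "{name}"',
                  f"        set subnet {n.network_address} {n.netmask}",
                  "    next"]
    lines += ["end", "config firewall addrgrp", f'    edit "{group}"',
              "        set member " + " ".join(f'"{m}"' for m in names),
              "    next", "end"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(build_config(SAMPLE_RANGES))
```

The resulting group can then replace 'all' as the source address of the existing VIP policy.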