BeerAdmin
New Member
October 20, 2023
Question

Limit external access to a Central NAT IP.

  • October 20, 2023
  • 1 reply
  • 984 views

So here's the scenario I find myself in that I want to find a solution to.

RDS Gateway inside the network, with a NAT'd IP on the external interface, via central NAT.

I'd like to drop all traffic that attempts to connect to the RDS gateway external IP, except for a specific list of IP addresses.

Is this possible, and if so, how do I craft a policy (or policies) that would allow this?

My first thought is to create an address group of allowed IPs, add in address objects as the IPs for the allowed sources, then create one policy that blocks all traffic, and then create a higher policy that allows traffic from the address group.

I'm just not sure how I would configure the incoming/outgoing interfaces in the policy, since I'm trying to limit traffic to the external interface NAT address.

1 reply

dbu
Staff
October 21, 2023

Hi @BeerAdmin,
I think you need a basic allow policy from WAN to the LAN port where the 'RDS Gateway' connects.
In this policy you will add that "specific list of IP addresses" which will be allowed to access the server. These can be address objects you will create.
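The following FortiGate CLI configuration is an added example of the policy dbu describes; it is not from the original thread and not Fortinet's own documentation. It builds an address group of permitted sources and a single WAN-to-LAN accept policy, relying on the FortiGate implicit deny for every other source, so no explicit block policy is needed. The interface names (`wan1`, `internal`), object names, the HTTPS port for the RDS Gateway and all IP addresses (taken from documentation ranges) are assumptions. It also assumes central NAT mode is already enabled, where the DNAT VIP is matched globally and the policy's destination is the internal address object rather than the VIP.

```fortios
# Added example: assumed interface/object names and constructed addresses
# (documentation ranges). Assumes central NAT is already enabled via
# "config system settings / set central-nat enable".

# 1. One address object per permitted external source, plus the internal
#    address of the RDS Gateway used as the policy destination.
config firewall address
    edit "RDS-Allowed-Src-1"
        set subnet 203.0.113.10 255.255.255.255
    next
    edit "RDS-Allowed-Src-2"
        set subnet 203.0.113.0 255.255.255.0
    next
    edit "RDS-Gateway-Internal"
        set subnet 10.0.0.50 255.255.255.255
    next
end

# 2. Group the permitted sources so the policy references a single object;
#    adding or removing a source later only touches the group.
config firewall addrgrp
    edit "RDS-Allowed-Sources"
        set member "RDS-Allowed-Src-1" "RDS-Allowed-Src-2"
    next
end

# 3. DNAT from the public IP to the RDS Gateway. In central NAT mode the VIP
#    is applied globally and is not referenced by the policy below.
config firewall vip
    edit "RDS-Gateway-VIP"
        set extip 198.51.100.20
        set extintf "wan1"
        set portforward enable
        set mappedip "10.0.0.50"
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

# 4. The only inbound policy for the gateway: permitted sources to the
#    internal address, HTTPS only, logged. Any other source has no matching
#    policy and is dropped by the implicit deny.
config firewall policy
    edit 0
        set name "Allow-RDS-Gateway-From-Allowlist"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "RDS-Allowed-Sources"
        set dstaddr "RDS-Gateway-Internal"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

Because the policy is a single accept with the allowlist as its source and the internal address as its destination, the incoming interface is the WAN interface carrying the public IP and the outgoing interface is the LAN port behind which the gateway sits; the NAT'd external address itself never appears in the policy in central NAT mode. Keep `logtraffic all` on so accepted sessions from the allowlist are visible, and review the implicit deny log for connection attempts from addresses outside the group.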