BaranS
New Member
July 26, 2024
Question

Website Permission


Greetings. 4 users are banned from the internet. But we want these users to access a local website. What should I do? Waiting for your help.

 

 


dbhavsar
Staff
July 26, 2024

Good day @BaranS ,

- You mean the local sites which are hosted behind LAN or DMZ? If yes, then create a LAN-to-WAN policy, add those users' IPs in source, and set action to deny. Furthermore, add another policy above it from LAN to DMZ and allow those IPs with the respective services.

BaranS
Author
New Member
July 26, 2024

Yes, it's a LAN-based website. It has an IP address and we translated it into a name with DNS. Do I need to add it as an address?

SonaMuvv
Staff
July 26, 2024

Hello BaranS,

You can add the website as an IP address or as an FQDN address object (or wildcard FQDN if applicable) in the firewall policy.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-wildcard-FQDN/ta-p/196118

kumarh
Staff
July 26, 2024

You can create a user group for the specific users and then configure local DNS and make sure that the local website is resolved to the internal IP of the users. After that, create a policy to allow the local website for the users and then another policy to deny internet access.

BaranS
Author
New Member
July 26, 2024

Screenshot_3.png

I have defined the address I want to access.
After that, I just need to write a policy that allows the internet and add this address. Is that correct?

dbhavsar
Staff
July 26, 2024

@BaranS correct, just make sure you have the correct policy configured. If you want to use an FQDN, make sure the DNS which the users are using can resolve it to an IP, and you can use an internal DNS on the FortiGate as well.


New Contributor II
July 26, 2024

You can capture the IP addresses of these 4 users and create a firewall policy to allow traffic to this local website.
Please ensure that this policy is placed above the policy that denies internet access to these 4 users.
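
The approach the replies describe, written out as FortiOS CLI. This is an added example, not part of any post in the thread and not a Fortinet-supplied configuration. The interface names (`lan`, `dmz`, `wan1`), user IPs, FQDN, object names and policy IDs are assumed placeholders, and it assumes the website sits behind a different interface than the users, because traffic between hosts in the same subnet never reaches a firewall policy.

```fortios
# Constructed example: every name, IP, FQDN and policy ID below is a placeholder.
# Policy 1 stands in for an existing general lan -> wan1 internet allow policy.
config firewall address
    edit "restricted-user-1"
        set subnet 192.168.1.11 255.255.255.255
    next
    edit "restricted-user-2"
        set subnet 192.168.1.12 255.255.255.255
    next
    edit "restricted-user-3"
        set subnet 192.168.1.13 255.255.255.255
    next
    edit "restricted-user-4"
        set subnet 192.168.1.14 255.255.255.255
    next
    edit "local-website"
        set type fqdn
        set fqdn "intranet.example.local"
    next
end
config firewall addrgrp
    edit "restricted-users"
        set member "restricted-user-1" "restricted-user-2" "restricted-user-3" "restricted-user-4"
    next
end
config firewall policy
    edit 101
        set name "restricted-to-local-site"
        set srcintf "lan"
        set dstintf "dmz"
        set srcaddr "restricted-users"
        set dstaddr "local-website"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
    next
    edit 102
        set name "restricted-deny-internet"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "restricted-users"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
    next
    # First match wins: the deny must sit above the general internet allow.
    move 102 before 1
end
```

The FQDN object is resolved by the FortiGate itself, so the FortiGate's DNS and the DNS the four users query need to return the same internal IP for the site.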