Dear All,
I have a question: I configured an Internet policy in the FortiGate firewall allowing all services. I want to block DNS bypass. Is it possible to block only the DNS service? I am happy to make a different policy for my DNS server, but I don't want to make another policy for my client systems.
Regards,
Deepak Kumar
I'd create a rule just above the previous one to block DNS traffic. Did you try that?
Thanks, I can do that, but is it possible that in a single policy I allow all services except DNS?
Regards,
Deepak Kumar
Hi,
There is no reason to avoid configuring a deny policy; it is just for the basic idea.
Regards,
Deepak Kumar
IMHO an explicit DENY policy is not only effective but openly documents your intention, namely that only the internal DNS is to be used. Besides, if you enable logging you could pinpoint the hosts which are still not using the (DHCP-supplied) internal DNS.
Transparency is one of the foundations of security.
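The explicit-deny layout described above, written out as FortiOS CLI, is an added example and not configuration posted in this thread. It assumes a LAN interface named "internal", a WAN interface named "wan1", an internal DNS server at 192.168.1.10, and that the existing allow-all Internet policy has ID 1.

```fortios
# Added example (not from the thread). Assumed: LAN interface "internal",
# WAN interface "wan1", internal DNS server 192.168.1.10, and the existing
# allow-all Internet policy has ID 1.
config firewall address
    edit "Internal-DNS-Server"
        set subnet 192.168.1.10 255.255.255.255
    next
end
config firewall policy
    # Only the internal resolver may reach external DNS (its forwarders).
    edit 10
        set name "Allow-DNS-from-internal-resolver"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Internal-DNS-Server"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "DNS"
        set logtraffic all
    next
    # Explicit deny for every other host; logging the denied sessions shows
    # which clients are bypassing the DHCP-supplied resolver.
    edit 11
        set name "Deny-DNS-bypass"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "DNS"
        set logtraffic all
    next
    # Policies match top-down, so both must sit above the allow-all policy:
    # resolver allow first, then the deny, then the existing allow-all.
    move 10 before 1
    move 11 before 1
end
```

After applying it, confirm the order in the policy list (resolver allow, deny, allow-all); the deny policy's forward-traffic log entries show action=deny with service=DNS and the source IP of each bypassing host.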