Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bvata
Staff
Staff

Created on ‎12-24-2019 05:45 AM

Technical Tip: Configuring access lists

Description
This article explains how to configure access list on FortiGate.

Solution


Access lists are implemented after TCP/IP Stack and before DOS policy sensor on NP Processors(not NP Lite)

Configuration can be performed from the CLI:
# config firewall acl
    edit 1
        set status enable
        set comments ''
        set interface "port1"
        set srcaddr "MyPc"
        set dstaddr "all"
        set service "ALL_ICMP"
next
This will block the traffic coming from port1 and source address 'MyPc' to destination 'all'.
All other traffic is allowed.
Check the dropped packets with the command:
# diag firewall acl counter
Packet Flow: https://docs.fortinet.com/document/fortigate/6.0.0/parallel-path-processing-life-of-a-packet/881625...
CLI Reference: https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/929257/firewall-acl-acl6

2506
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.