FortiGate
bvata
Staff
Description
This article explains how to configure an access list on FortiGate.

Solution


Access lists are applied after the TCP/IP stack and before the DoS policy sensor, on NP processors (not NP Lite).

Configuration can be performed from the CLI:
# config firewall acl
    edit 1
        set status enable
        set comments ''
        set interface "port1"
        set srcaddr "MyPc"
        set dstaddr "all"
        set service "ALL_ICMP"
    next
end
This blocks ALL_ICMP traffic arriving on port1 from source address 'MyPc' to destination 'all'.
All other traffic is allowed.
Check the dropped packets with the command:
# diag firewall acl counter
Packet Flow: https://docs.fortinet.com/document/fortigate/6.0.0/parallel-path-processing-life-of-a-packet/881625...
CLI Reference: https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/929257/firewall-acl-acl6
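
When entries like the one above are generated by a script instead of typed by hand, the object names become input that ends up inside CLI text. The following added example (not Fortinet's code and not part of the original article) renders the same `config firewall acl` block from structured data and refuses names that could break out of the quoted value; the function names and the name whitelist are assumptions of this example.

```python
import re

# Conservative name whitelist (an assumption of this example, not a FortiOS rule).
_SAFE_NAME = re.compile(r"[A-Za-z0-9_.\- ]{1,35}")
_FIELDS = ("interface", "srcaddr", "dstaddr", "service")


def _quoted(value):
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    if not isinstance(value, str) or not _SAFE_NAME.fullmatch(value):
        raise ValueError(f"unsafe object name: {value!r}")
    return f'"{value}"'


def render_acl(entries):
    """Return 'config firewall acl' CLI text for a list of entry dicts."""
    seen_ids = set()
    lines = ["config firewall acl"]
    for entry in entries:
        entry_id = entry["id"]
        if type(entry_id) is not int or entry_id < 1 or entry_id in seen_ids:
            raise ValueError(f"bad or duplicate entry id: {entry_id!r}")
        seen_ids.add(entry_id)
        status = entry.get("status", "enable")
        if status not in ("enable", "disable"):
            raise ValueError(f"bad status: {status!r}")
        lines.append(f"    edit {entry_id}")
        lines.append(f"        set status {status}")
        for field in _FIELDS:
            lines.append(f"        set {field} {_quoted(entry[field])}")
        lines.append("    next")
    lines.append("end")
    return "\n".join(lines) + "\n"


# Constructed sample: the entry from the article.
SAMPLE = [{"id": 1, "interface": "port1", "srcaddr": "MyPc",
           "dstaddr": "all", "service": "ALL_ICMP"}]

if __name__ == "__main__":
    print(render_acl(SAMPLE), end="")
```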

