FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
guptar
Staff
Staff
Description
This article explains how to create a custom IPv4 policy for a specific destination.

Solution
From FortiOS 5.6 it is possible to create an IPv4 policy for specific destination traffic using Internet Service Database.

GUI:


In the policy listing page, an Internet Service object is used, it will be found in both the Destination and Service column.
In the policy editing page of the Destination Address, the Destination field has now two types: Address and Internet Service.



Above policy is for allowing Microsoft Office 365 and Skype traffic.
As this is a custom policy it should be on top of all other existing LAN-WAN policy.
There is an either or relationship between Internet Service objects and destination address and service combinations in firewall policies. This means that a destination address and service can be specified in the policy or in an Internet service, not both.

CLI
:

The related CLI options/syntax are:
# config firewall policy
    edit 1
        set internet-service 1 5 10
        set internet-service-custom test
        set internet-service-negate [enable|disable]
end

Related Articles

Technical Note: Internet Service Database - List of services, IP ranges, ports and protocols

Contributors