Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jcrower
New Contributor

Bypass application control - what is the best way

Hi all,

 

We have a FortiGate 81f running FortiOS 7.0.5.

 

We have Application Control running that blocks proxy and vpn, which we want.

 

We do however have one internal device (static IP) that we need to connect via vpn to an external ip.  We also have another internal device that requires connection to an external proxy.

 

What is the best way to allow an internal ip to use vpn or proxy to contact an external ip? Custom IPS signature?

 

thanks

 

jc

1 Solution
seshuganesh
Staff
Staff

Hi Team,

 

The best way is to create one more application control and create one firewall policy on top for these two users and keep the firewall policy on top.

This should be fine.

View solution in original post

3 REPLIES 3
seshuganesh
Staff
Staff

Hi Team,

 

The best way is to create one more application control and create one firewall policy on top for these two users and keep the firewall policy on top.

This should be fine.

jcrower
New Contributor

Thanks.

 

So to clarify, will creating one firewall policy for both allow me to specify that only internal IP aaa.aaa.aaa.aaa can use OpenVPN to connect to external IP bbb.bbb.bbb.bbb and that only internal IP yyy.yyy.yyy.yyy can connect to proxy zzz.zzz.zzz.zzz?

 

I don't want to allow IP yyy.yyy.yyy.yyy to be able to use OpenVPN for instance.

 

thanks

jcrower
New Contributor

Hi seshuganesh,

 

Soryy, forgot I asked this.  I have set up the firewall rule as suggested and all good!