Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
netrider
New Contributor

Can not specify allow and deny ports at a time for a server in polices

Hi we have Fortigate 61E (OS version 7.0.7 build0367 feature ) in our organization. At a time we can only allow or deny a port in the firewall policies for a server but can not specify both at a time (Example - allow 80 and deny 1433/1434).

 

FortiGate 

2 Solutions
jintrah_FTNT
Staff
Staff

Hi,

 

When you allow 80, only that port is allowed right and rest is already denied by implicit deny rule.

 

best regards,

Jin

View solution in original post

akristof

Hello,

No, FortiGate allows you only one action in firewall policy. So you would need to have 2 firewall policies, first that allows ports, second that denies ports. FortiGate always evaluates policies from top to bottom so order is important.

 

Yes, you will be able to monitor traffic after your subscription expires, at least you will be able to log traffic locally (you have disk) and even send them to syslog. Fortiview will also work.

Adrian

View solution in original post

4 REPLIES 4
jintrah_FTNT
Staff
Staff

Hi,

 

When you allow 80, only that port is allowed right and rest is already denied by implicit deny rule.

 

best regards,

Jin

netrider

yes that is right but i want to do that for more security. Is there any options to do that like other vendor firewall. Also i want to know that may i monitor traffic when the bundle subscription will be expired.

akristof

Hello,

No, FortiGate allows you only one action in firewall policy. So you would need to have 2 firewall policies, first that allows ports, second that denies ports. FortiGate always evaluates policies from top to bottom so order is important.

 

Yes, you will be able to monitor traffic after your subscription expires, at least you will be able to log traffic locally (you have disk) and even send them to syslog. Fortiview will also work.

Adrian
netrider

Ok thanks for support

Labels
Top Kudoed Authors