Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
abdul6d
New Contributor

Need to allow particular web site to one IP

Dear Team, This is my first post if am wrong correct me :) We have Fortigate 100D and web filtering enabled, now we have one requirement that is need to allow one particular website to one server (rhel 10.0.0.61), is there any option to allow to IP ? normally we are authenticating through user/password but in this case application will not support user/password option. we need to allow Site access only particular server/IP. If anyone knows please help me out... Regards, abdul
8 REPLIES 8
rwpatterson
Valued Contributor III

Welcome to the forums. Create an address entity for the server and the destination IP address, then use them in a policy with that server as the source. Make sure to place this policy above the general web surfing policy, or it will never get hit. From the top down, first good policy gets the traffic. Hope that helps.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
ede_pfau
Esteemed Contributor III

...and of course you remember to check the " NAT" option.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
abdul6d
New Contributor

thanks.. but am using fortigate 100D with graphical console, if you don' t mind please let me know one by one steps.. Internet --> Fortigate 100D --> Private network 10.0.0.61 (allow facebook only to this ip )
abdul6d
New Contributor

i have created new address and created new webfilter and applied policy also but our network old policy already running, it is taking old policy.
Dave_Hall
Honored Contributor

As Bob indicated in his post, you need to move the new fw policy up in the fw rules chain. Remember -- firewall rules are executed from top to bottom.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
abdul6d
New Contributor

Thanks Dave, We have one more public ip is there any option to configuring public ip to server ? Thanks, abdul
rwpatterson
Valued Contributor III

Look to ' Virtual IP' in the firewall section. Create the VIP rule and use it in the destination of the policy.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
abdul6d
New Contributor

Dear All, I have configured Policy Route and source as server and outgoing interface as broadband, my requirement was done. Thanks all to spend yours valuable time. Many Thanks, Abdul :)
Labels
Top Kudoed Authors