Allow 2 applications but one to specific address?
I have a FortiGate 60E and I've set up Application Control to allow users to only use web clients and Citrix Receiver, then added Application Control to the IPv4 Policy, and it works fine.
Now I want to make it so Citrix Receiver can only go to a set group of IP addresses, but I'm unsure how to do this. Looking for any advice or pointers in the right direction.
You need to find out what ports Citrix Receiver uses, separate those from the existing policy, and place the new policy above it. With the new policy you can limit the destination addresses without affecting web access.
Separate the policy into 2 rules. One allowing Citrix Receiver access to the specific destination IPs (you may or may not want an App Control sensor here). The other rule set up for your browsing, using customized security profiles that meet your browsing needs. I recommend placing the browsing policies towards the end of the rulebase because the destination is generally all public addresses (I use the group object RFC1918 and negate the destination address field).
HTH
d
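The two-rule split described in the replies above, as an added FortiOS CLI sketch that is not part of the original thread. The addresses are documentation-range placeholders; the object names, policy IDs, interface names and the application sensors `citrix-only` and `web-only` are assumptions, an `RFC1918` address group is assumed to exist already, and TCP 1494/2598 are the commonly documented Citrix ICA and session reliability ports, which should be checked against the actual deployment.

```fortios
# Added example: placeholder addresses, assumed object/profile/interface names.
config firewall address
    edit "citrix-host-1"
        set subnet 203.0.113.10 255.255.255.255
    next
    edit "citrix-host-2"
        set subnet 203.0.113.11 255.255.255.255
    next
end
config firewall addrgrp
    edit "Citrix-Servers"
        set member "citrix-host-1" "citrix-host-2"
    next
end
config firewall service custom
    edit "Citrix-ICA"
        set tcp-portrange 1494 2598
    next
end
config firewall policy
    # Rule 1: Citrix ports, only to the approved destination group.
    edit 10
        set name "Citrix-approved-hosts"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "Citrix-Servers"
        set action accept
        set schedule "always"
        set service "Citrix-ICA" "HTTPS"
        set utm-status enable
        set application-list "citrix-only"
        set ssl-ssh-profile "certificate-inspection"
        set nat enable
    next
    # Rule 2: browsing to everything that is NOT RFC1918 (negated destination).
    edit 20
        set name "Web-browsing"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "RFC1918"
        set dstaddr-negate enable
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set utm-status enable
        set application-list "web-only"
        set ssl-ssh-profile "certificate-inspection"
        set nat enable
    next
    move 10 before 20
end
```

Citrix traffic carried over HTTPS to a destination outside `Citrix-Servers` will not match policy 10 and falls through to policy 20, so the browsing sensor has to stop allowing the Citrix application for the destination restriction to hold.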
