Block acces to an internal server

Network88 · ‎12-14-2018

Hi ,

I have a lan network 192.168.10.x and a server on 192.168.10.30 , every host from the same network can acces this server by tapping the ip adress on web URL , i want to let this acces just for IT departement and block it for other hosts on the entreprise please

Thanks

Dave_Hall · ‎12-14-2018

Keep in mind that the Fortigate's traditional role as a security appliance is to sit on the edge of your network, facing towards the Internet and/or in between network segments (see Security Fabric).

What you are asking is more akin to server security - setting up or locking down the server access via firewall rules (on the server) and/or login access, group policies, etc.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

Toshi_Esumi · ‎12-14-2018

A good practice is to isolate the subnet for servers from all other devices, and put it on an individual interface/vlan. Then you can apply FW policies to control server accesses.

View solution in original post

Dave_Hall · ‎12-14-2018

Keep in mind that the Fortigate's traditional role as a security appliance is to sit on the edge of your network, facing towards the Internet and/or in between network segments (see Security Fabric).

What you are asking is more akin to server security - setting up or locking down the server access via firewall rules (on the server) and/or login access, group policies, etc.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Toshi_Esumi · ‎12-14-2018

A good practice is to isolate the subnet for servers from all other devices, and put it on an individual interface/vlan. Then you can apply FW policies to control server accesses.

Network88 · ‎01-11-2019

You are right , thanks for the tip

Block acces to an internal server

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website