Block all traffic from App except one computer
Hi. I would like to block all Apps except for certain users (IP/MAC addresses). Is it possible? When I go to Security -> Application Control -> select profile -> Application and Filter Override and add a block for a certain App, it works. When I try to use it, I'm blocked, and this is OK. How can I bypass that block for certain computers? Is it possible for e.g. address 192.168.1.45 to have access to that app, while others are blocked?
Thanks for the reply and have a nice day.
Yes, this is possible: you can create a firewall policy just for that address (192.168.1.45). For example, if 192.168.1.45 is behind your LAN network, you can create a firewall policy like the one below and do not use the Application Control security profile in this policy:
# 192.168.1.45 must first exist as a firewall address object (here named "Host-192.168.1.45")
config firewall policy
    edit 0
        set srcintf "LAN"
        set dstintf "WAN"
        set action accept
        set srcaddr "Host-192.168.1.45"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
Also remember to put this newly created firewall policy on top of the actual firewall policy in which you are using Application control.
Another alternative to the solution mentioned would be to use the source negate option on the firewall policy and USE application control. This policy would then hold the source IPs of the users you WANT to allow, and using the source negate option would essentially block everyone else.
This alternative allows for having just one policy in place instead of two.
Refer to the following article for information on the source negate option:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-Policy-Negate-option/ta-p/194290
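As an added illustration of the source-negate variant (not from the reply above and not Fortinet's own documentation), the FortiOS CLI below builds an exempt-host group and one LAN-to-WAN policy whose source is negated; the object, group, policy and profile names ("block-app" standing for the Application Control profile holding the override) are assumed:

```fortios
# Address object and group for the hosts that are exempt from the App block (names assumed)
config firewall address
    edit "Host-192.168.1.45"
        set subnet 192.168.1.45 255.255.255.255
    next
end
config firewall addrgrp
    edit "AppCtrl-Exempt"
        set member "Host-192.168.1.45"
    next
end
# With srcaddr-negate enabled, this policy matches every LAN source EXCEPT the group,
# so the Application Control profile is applied to everyone who is not exempt.
config firewall policy
    edit 0
        set name "LAN-to-WAN-AppCtrl"
        set srcintf "LAN"
        set dstintf "WAN"
        set srcaddr "AppCtrl-Exempt"
        set srcaddr-negate enable
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set application-list "block-app"
        set nat enable
    next
end
```

Note that traffic from members of "AppCtrl-Exempt" does not match this policy at all, so it still needs a policy of its own to be accepted (otherwise it reaches the implicit deny); the GUI Policy Lookup tool is a quick way to confirm which policy a given source hits.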
