Hi Friends,
I am new to this forum. I have created a policy to block the traffic from China (& one of my remote location's IPs), as in the attached pic.
And I have moved the policy to the top in the sequence.
I have tested from my remote location: I am able to access the firewall public IP and I am also able to access the VPN.
So this policy is not working.
Can anyone help me to write a correct policy to block traffic from a particular subnet or country?
Thanks
Ramesh
Your policy is saying that you are not allowed to access your internal interface subnets from China.
When you access your firewall you access the WAN interface, not the internal.
If you want to limit access to log in to your firewall, you'll do that in the Administrator "trusted hosts".
To limit access to SSLVPN you have to create a rule "From WAN to ssl.root" and the source must be the China Networks and then deny.
Hi Nilson,
Thanks for your response.
It worked.
Thanks
Ramesh
In "Trusted Hosts", you can only specify a white list - hosts or subnets which you allow to access the management. If you want to set up a blacklist - addresses which you want to block - then you create a 'local-in' policy. Depending on the version of FortiOS, local-in policies are defined in the CLI only, or in the GUI.
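The local-in blacklist described above, as an added example that is not part of the original thread. The address object name `geo-block-CN` and the interface name `wan1` are assumptions; substitute the names used on your unit.

```fortios
# Added example, not from the thread. Names below are assumptions.
# Geography-type address object covering the country to block.
config firewall address
    edit "geo-block-CN"
        set type geography
        set country "CN"
    next
end

# Local-in policy: applies to traffic addressed to the FortiGate itself
# (management GUI/SSH on the WAN IP), which ordinary forwarding
# policies toward internal subnets never see.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "geo-block-CN"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
        set action deny
    next
end
```

To also block a single remote subnet, create a second address object for it and add it to `srcaddr`, then retest from that location against the firewall's public IP.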