Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kadey
New Contributor II

Created on ‎04-07-2020 12:03 PM

Block gateway-sourced traffic...

I've created policies to restrict traffic to the internet sourced from a FortiGate 6.2 device itself, but they're not working. They're at the top of the policy list, and Deny in enabled.

 

Is this possible?

 

2111
0 Kudos
2 REPLIES 2
Dave_Hall
Honored Contributor

Created on ‎04-08-2020 12:27 PM

Hi Ken.

 

If you are trying to block incoming traffic from the Internet to your fgt, you will need to use a local-in-policy

 

Please note that ports used by the fgt are needed for certain services. This link explains what those ports are.  Is there a reason for wanting to block certain outgoing ports from the fgt itself?

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
1559
0 Kudos
kadey
New Contributor II
In response to Dave_Hall

Created on ‎04-09-2020 05:44 AM

I'm just testing using Fabric Connector in policies, and just picked outbound traffic to test.

I can test with inbound as well, if I can use Fabric Connector objects in a local-in-policy.

 

1559
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.