I have 2 address ranges: A 192.168.1.[1-10] and B 192.168.1.[30-60].
Now I made a Policy where I deny any traffic from A to B.
Source Interface: Internal
Source Address: 192.168.1.[1-10]
Destination Interface: Internal
Destination Address: 192.168.1.[30-60]
Unfortunately the rule doesn't work.
There are some switches between the PCs and the firewall.
Does anyone know why I can't block the traffic or only some services from one internal IP/range to another or what am I doing wrong?
I have a FG110C with firmware 4.0 MR3 Patch 15
Thanks in advance,
You have not included the network mask used.
Assuming it's /24 (=255.255.255.0), your hosts do not need to send traffic to your router (the FGT) - they can make direct connections. The FGT is not involved with this.
If you want to control traffic between 2 groups of hosts you have to have 2 distinct IP ranges, like 192.168.1.[0-127] and .[128-255], with a network mask of /25. Then the FGT has to route between subnets and your policy would have an effect.
It will. If the address ranges are distinct, and the default gateway on both LANs is the same FGT interface then the FGT can route between them. It has to have an 'internal' to 'internal' policy to allow this. That's where you can control the traffic.
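The on-link decision described in the replies above, as an added example that is not part of the original thread: for each source/destination pair it checks whether the source host, using a given prefix length, would deliver directly on the LAN or hand the packet to its gateway, which is the only case a firewall policy can act on. The function names and the moved range 192.168.1.[130-160] are assumptions made for illustration.

```python
import ipaddress

def expand(base, first, last):
    """Hosts base.first .. base.last, e.g. expand('192.168.1', 1, 10)."""
    return [ipaddress.ip_address(f"{base}.{i}") for i in range(first, last + 1)]

def on_link(src, dst, prefix_len):
    """True if src, configured with this prefix length, treats dst as local.
    Local destinations are reached directly at layer 2 (ARP + switch),
    so the packet is never sent to the default gateway."""
    net = ipaddress.ip_interface(f"{src}/{prefix_len}").network
    return dst in net

def policy_coverage(range_a, range_b, prefix_len):
    """Count A->B host pairs delivered directly vs. routed via the gateway."""
    cov = {"direct": 0, "routed": 0}
    for a in range_a:
        for b in range_b:
            cov["direct" if on_link(a, b, prefix_len) else "routed"] += 1
    return cov

def verdict(cov):
    """Summarise whether a gateway policy can act on the A->B traffic."""
    if cov["routed"] == 0:
        return "policy never sees this traffic"
    if cov["direct"] == 0:
        return "policy sees all of this traffic"
    return "policy sees only part of this traffic"

# Ranges from the question.
RANGE_A = expand("192.168.1", 1, 10)
RANGE_B = expand("192.168.1", 30, 60)
# Constructed for this example: range B renumbered into the upper /25.
RANGE_B_MOVED = expand("192.168.1", 130, 160)

if __name__ == "__main__":
    cases = [
        ("A -> B, /24 (as asked)", RANGE_A, RANGE_B, 24),
        ("A -> B, /25, addresses unchanged", RANGE_A, RANGE_B, 25),
        ("A -> B moved to upper half, /25", RANGE_A, RANGE_B_MOVED, 25),
    ]
    for label, a, b, plen in cases:
        cov = policy_coverage(a, b, plen)
        print(f"{label}: {cov} -> {verdict(cov)}")
```

The second case shows that changing only the mask to /25 is not enough: both original ranges fall in 192.168.1.[0-127], so one group has to be renumbered into the other half.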