Hi, I have an updated FortiGate 80E which I have used for 7 months for blocking traffic from my LAN to the WAN port (from inside the network to the gateway), and I recently switched from using my gateway as DHCP server to a Windows DHCP server, which connects directly to the FortiGate lan11 port (I have the main network switch connected to lan12). I wanted to block all the traffic from LAN to LAN over the FortiGate using an IPv4 policy (from mobile devices, all addresses, to the Windows DHCP server, block all traffic), but I couldn't, and nothing happened. I don't have a web filtering account or FortiCare (no subscription). How can I block the traffic correctly? Thanks.
The FGT's primary role is to act as an edge router/security device, sitting on the edge of your internal network to the WAN or Internet. It can only block/restrict traffic that goes over an interface (e.g. LAN -> WAN). (If you are using FortiAPs then it may be possible to whitelist wifi clients by MAC address.)
Are you trying to block all wifi devices from connecting to your internal network? What's stopping you from creating a separate subnet for wifi devices only?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
One way to make this work would be to put the server on a different subnet/port. This way all traffic would have to cross the Fortigate and be acted upon using policies.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
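The point made in the replies above, as an added example that is not part of the original posts: a firewall policy only sees traffic that is routed between two of its interfaces, so hosts sharing one subnet reach each other directly. The subnets and host addresses below are constructed for illustration; only the port names lan11 and lan12 come from the thread.

```python
import ipaddress

# Constructed layouts (assumptions): subnets are made up for illustration.
# FLAT: the DHCP server and the clients share one subnet.
FLAT = {"lan": "192.168.1.0/24"}
# SPLIT: the server has been moved to its own subnet on its own port.
SPLIT = {"lan12": "192.168.1.0/24", "lan11": "192.168.50.0/24"}


def owning_interface(ip, interfaces):
    """Return the interface whose subnet contains ip, or None if off-net."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in interfaces.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def policy_can_filter(src, dst, interfaces):
    """True when src -> dst has to be routed by the firewall.

    Hosts in the same subnet resolve each other with ARP and talk directly,
    so no interface-to-interface policy is ever evaluated for that flow.
    """
    src_if = owning_interface(src, interfaces)
    if src_if is None:
        raise ValueError(f"{src} is not on any known internal interface")
    dst_if = owning_interface(dst, interfaces)
    # dst_if is None means the destination is off-net (for example the WAN),
    # which is reached through the gateway and therefore crosses the firewall.
    return dst_if != src_if


if __name__ == "__main__":
    flows = [
        ("same subnet", "192.168.1.57", "192.168.1.10", FLAT),
        ("server on own subnet", "192.168.1.57", "192.168.50.10", SPLIT),
        ("LAN to WAN", "192.168.1.57", "203.0.113.5", FLAT),
    ]
    for label, src, dst, layout in flows:
        verdict = "policy applies" if policy_can_filter(src, dst, layout) else "bypasses policy"
        print(f"{label}: {src} -> {dst}: {verdict}")
```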