Disable pinging DMZ to DMZ

philv · ‎02-12-2021

Everything is works fantastic with the DMZ setup. DMZ => WAN (works) DMZ => DMZ (works) LAN => DMZ (works) DMZ ╪> LAN (DMZ can not see the internal network) I'm wondering if there is a way to disable a DMZ from pinging another DMZ device. So far, they can ping each other. I've so far disabled the administrative ping in the Fortigate.

I've created the following:

DMZ to DMZ DENY - From DMZ - To DMZ - Source all - Destination all - Service ALL - Action DENY

They can still ping each other. Any help would appreciated. Thanks

emnoc · ‎02-12-2021

If the traffic is not flowing thru the firewall then you can't control it. Since the src and destination is within the same broadcast domain this is not handled by the layer3 device ( aka the fw )

You could enable host based firewall if the end devices support that.

Ken Felix

PCNSE

NSE

StrongSwan

View solution in original post

emnoc · ‎02-12-2021

If the traffic is not flowing thru the firewall then you can't control it. Since the src and destination is within the same broadcast domain this is not handled by the layer3 device ( aka the fw )

You could enable host based firewall if the end devices support that.

Ken Felix

PCNSE

NSE

StrongSwan

philv · ‎02-12-2021

That make sense. Thanks for the reply.

Disable pinging DMZ to DMZ

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website