New Contributor

Firewall Rule Not Working

Hi everyone, I have these rules on my FortiGate 100D 5.2.9.


The first rule gives access to those sites (ACE, Censecar, etc.) from the local LAN range to a specific group of PCs that I added via MAC, and in the 9th rule I'm saying that it should block all internet access, so if the pages are not in the first rule, block all other pages. But when I enable both rules, I don't get out to the internet, not even to the authorized pages (just for that group of PCs; everything else is working correctly). I don't know if I made myself clear. I want to give that group of PCs that I added via MAC access to just those specific web pages and block everything else. In the address objects I'm using the full URL as an FQDN, for example


Any idea would be so much appreciated.


PS: I'm not using the web filter, just the policies.


New Contributor III



I think the problem might be DNS. What DNS servers are you using for external resolution? So policy 10 allows you to browse with no problems because it is fully open. Policy 1 allows you access to the sites you specified, but I'm not sure if that includes DNS resolution. If DNS is not allowed in policy 1, then policy 9 will be blocking all DNS traffic.

To test if DNS is the problem, try this:

Below policy 1 create a new policy:

Source interface: lan

Destination interface: wan-load-balance

Source: all

Destination: all

Service: DNS


Then enable policy 1 and the blocking policy (would be policy 10 after you add the DNS test policy above).
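The DNS test policy described in the reply above, written out as FortiOS CLI. This is an added example, not configuration from the poster or from Fortinet; the interface names "lan" and "wan-load-balance" are taken from the reply, while the policy IDs (11 for the new DNS policy, 9 for the deny-all policy) are assumptions.

```fortios
# Added example, not from the post: an explicit DNS-allow policy placed above the deny policy.
# Interface names come from the reply; policy IDs 11 (new) and 9 (deny-all) are assumed.
config firewall policy
    edit 11
        set comments "DNS test policy - allow client resolution before the deny-all policy"
        set srcintf "lan"
        set dstintf "wan-load-balance"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "DNS"
        set logtraffic all
    next
    # Policies are matched top-down, so the DNS policy has to sit above the deny policy;
    # otherwise the deny policy still matches the clients' DNS queries first.
    move 11 before 9
end
```

With logging enabled on the new policy, the forward traffic log shows whether the clients' DNS queries are now hitting policy 11 instead of the deny policy, which confirms or rules out DNS as the cause.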




