Hi everyone, I have these rules on my FortiGate 100d 5.2.9.
The first rule is giving access to those sites (ACE, Censecar, etc.) to the local LAN range for a specific group of PCs that I added via MAC, and in the 9th rule I'm saying that it should block all internet access, so if the pages are not in the first rule, block all other pages. But when I enable both rules, I don't get out to the internet, not even to the authorized pages (just in that group of PCs; everything else is working correctly). I don't know if I made myself clear. I want to give that group of PCs that I added via MAC access just to specific web pages and block everything else. On object addresses I'm using the full URL as FQDN, for example www.censecar.com.mx
Any idea would be so much appreciated.
P.S. I'm not using web filter, just the policies.
Hello
I think the problem might be DNS. What DNS servers are you using for external resolution? So policy 10 allows you to browse with no problems because it is fully open. Policy 1 allows you access to the sites you specified, but I'm not sure if that includes DNS resolution. If DNS is not allowed in policy 1, then policy 9 will be blocking all DNS traffic.
To test if DNS is the problem, try this:
Below policy 1 create a new policy:
Source interface: lan
Destination interface: wan-load-balance
Source: all
Destination: all
Service: DNS
Then enable policy 1 and the blocking policy (would be policy 10 after you add the DNS test policy above).
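An added example, not part of either post and not Fortinet code: a small Python model of top-down, first-match policy evaluation that shows the restricted PCs' DNS lookup being dropped by policy 9 before any web request is made. The MAC, IP addresses, service lists, policy 9's source group, the external resolver and the ID 11 for the DNS test policy are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DNS = {("udp", 53), ("tcp", 53)}
WEB = {("tcp", 80), ("tcp", 443)}
GROUP = {"00:11:22:33:44:55"}   # constructed MAC for the restricted PC group
SITES = {"203.0.113.10"}        # constructed IP standing in for the FQDN objects
RESOLVER = "198.51.100.53"      # constructed external DNS server (assumption)

@dataclass
class Policy:
    pid: int
    src: Optional[set]       # None means "all"
    dst: Optional[set]       # None means "all"
    services: Optional[set]  # None means "ALL"
    action: str

def first_match(policies, mac, dst, svc):
    """Top-down, first-match evaluation; no match means implicit deny (ID 0)."""
    for p in policies:
        if ((p.src is None or mac in p.src) and (p.dst is None or dst in p.dst)
                and (p.services is None or svc in p.services)):
            return p.pid, p.action
    return 0, "deny"

def browse(policies, mac, site_ip):
    """A page load needs a DNS lookup first, then the web connection."""
    pid, action = first_match(policies, mac, RESOLVER, ("udp", 53))
    if action != "accept":
        return f"DNS lookup denied by policy {pid}"
    pid, action = first_match(policies, mac, site_ip, ("tcp", 443))
    return f"HTTPS {'allowed' if action == 'accept' else 'denied'} by policy {pid}"

# Rule set as described in the question: policy 1 allows the group to the
# listed sites, policy 9 blocks the group (assumed source), 10 is fully open.
original = [
    Policy(1, GROUP, SITES, WEB, "accept"),
    Policy(9, GROUP, None, None, "deny"),
    Policy(10, None, None, None, "accept"),
]
# Same rule set with the DNS test policy from the reply placed below policy 1.
# The ID 11 is a placeholder; the thread does not give one.
with_dns = original[:1] + [Policy(11, None, None, DNS, "accept")] + original[1:]

if __name__ == "__main__":
    for name, rules in (("original", original), ("with DNS policy", with_dns)):
        print(name, "->", browse(rules, "00:11:22:33:44:55", "203.0.113.10"))
```

With the DNS policy in place the restricted group can resolve any name, but web connections to sites outside policy 1 still fall through to the deny in policy 9.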