Fortigate 100F. Exception in an address object
Hello all,
I want to let subnet 10.0.0.0/8 out to the internet, however, I want to filter out 10.1.100.0/24. How do I do it in my 100F? Sorry, moved to Fortigate from a different product.
Create a deny policy for 10.1.100.0/24 then place it above a policy to allow 10.0.0.0/8.
Thank you for the solution! In Barracuda it was all in one rule, was hoping for something like that.
If it were simply negate 10.1.100.0/24 then the rest were allowed, you could use a negate address like in the KB. But one policy doesn't seem to have a negate and normal addresses. So you still need to have two policies anyway.
But even if they can co-exist in one policy, the FW would operate exactly the same way with two policies. So I don't see much benefit operation-wise. I think that's why they haven't added the feature yet. Nor strong demands.