Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
swiss_daddy
New Contributor II

Fortigate 7.6.1 policy with timer and passwort release

Hello all 

I'm a new fortigate user and have a Fortigate 40F at home.

 

How is it possible to create a Fortigate firewall policy that expires after a certain period of time?

I don't mean a policy with "Policy expiration - Expiration date"! 

I mean a policy where I can set that it can only be active for 1 hour during 24 hours and then resets itself the next day and again for 1 hour may be active.

Reason of the question:
I'm looking for a way to limit internet access for my teenagers to a certain time per day, so that they only have internet access for a total of, for example, 1 hour each day.  (not always same time every day - so a timer)

If I could then activate this policy rule with an admin account, that would be great.

Thank you for your help.

Greeting
Benjamin

 

1 Solution
vbandha
Staff
Staff

Hello @swiss_daddy 

You can try Usage Quota in web filter:

https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/801136/usage-quota

 

If you want to specify access for certain exact time in the day then schedule would be a good option:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-schedule-policy-with-deny...

 

Regards,

Varun

View solution in original post

10 REPLIES 10
vbandha
Staff
Staff

Hello @swiss_daddy 

You can try Usage Quota in web filter:

https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/801136/usage-quota

 

If you want to specify access for certain exact time in the day then schedule would be a good option:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-schedule-policy-with-deny...

 

Regards,

Varun

swiss_daddy
New Contributor II

Hello Varun

Thank you for your answer.
But this is not a good solution for me.

Like I have written .... I'm looking for a solution for not always same time every day - so a timer, not a fix time.

Thank you

Regards
Benjamin

dingjerry_FTNT

Hi @swiss_daddy ,

 

If it is not a fixed time, you must manually modify the schedule object every day.

Regards,

Jerry
swiss_daddy
New Contributor II

Hello Varun

This Idea with Quata Webfilter is really good!
Thank you so much for this.
https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/801136/usage-quota

My problem is ....
I dont have this Option in my Fortigate 7.6.1. Webfilter Profile!
I think my Fortigate is still in Flow Based Mode and not in Proxy Mode.
1.jpg

At the moment I dont know how I can switch this Fortigate 7.6.1 to 
Proxy Mode over the Gui.
Do you know this?

After this the Option Usage Quota should be visible.

Many thanks.
Regards
Benjamin

dingjerry_FTNT

Hi @swiss_daddy ,

 

Could you please run the following commands to collect some outputs?

 

get system status

config webfilter profile

edit Test

get

 

// To exit without saving the new profile, run:

 

abort

Regards,

Jerry
dingjerry_FTNT

Hi @swiss_daddy ,

 

You may create the following schedule and apply it in the said firewall policy:

 

dingjerry_FTNT_0-1734736818549.png

 

Regards,

Jerry
Durga_Ashwath

To create a FortiGate firewall policy that is active for a specific duration each day (e.g., 1 hour per day), you can use Schedules. FortiGate provides two types of schedules: Recurring and One-Time. For your use case, you will need a Recurring Schedule.

Here’s how to configure it:

Step 1: Create a Recurring Schedule
Log in to your FortiGate web interface.
Go to Policy & Objects > Schedules.
Click Create New.
Configure the following:
Name: Enter a descriptive name (e.g., Daily_1Hour_Schedule).
Type: Select Recurring.
Recurring Period: Select the day(s) and time(s) when the policy should be active (e.g., every day from 14:00 to 15:00).
Click OK.

Step 2: Create a Firewall Policy
Go to Policy & Objects > IPv4 Policy (or IPv6 Policy, if applicable).
Click Create New.
Configure the following:
Name: Enter a descriptive name for the policy.
Incoming Interface: Select the interface where traffic originates.
Outgoing Interface: Select the interface where traffic is destined.
Source/Destination: Define the source and destination addresses.
Schedule: Select the recurring schedule you created (Daily_1Hour_Schedule).
Service: Specify the allowed services (e.g., HTTP, HTTPS, All).
Action: Select Accept.
Configure logging and inspection profiles as needed.
Click OK.

Step 3: Test and Verify
Check if the policy is active only during the specified time.
During the active period, ensure the traffic matches the policy.
Outside the active period, verify that the policy does not allow traffic.

Key Points to Note
Recurring Schedules automatically reset every day based on the configured time.
If you want a policy to be active for multiple separate periods (e.g., 1 hour in the morning and 1 hour in the evening), you can define multiple time slots in the same recurring schedule.
Ensure the order of the policy in the policy list is appropriate. Firewall policies are evaluated top-down, and the first match is applied.

swiss_daddy

Hello Durga_Ashwath

Thank you very much for your time and your answer.


Unfortunately, you didn't understand my request completely correctly.

I don't want to have a firewall policy that is always active at the same time.

I would like to have a timer that, for example, is active for a total of 1 hour within 24 hours, but not always at the same time within these 24 hours.

The idea is that I could then give the kids a “timer quota” and tell them that they can use internet access for a total of 1 hour every day.
I don't know exactly what time (what time frame) they use this hour.

Do you understand?

Regards
Benjamin



 
 
swiss_daddy
New Contributor II

Hello everyone

Unfortunately I just found the following information...

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/519079?preview_token=6ac61bf... 

It could be that I can't turn on the proxy-based mode (Security Feature Explicit and transparent proxies) because I have a Fortigate 40F with less than 2GB RAM and have already switched to
Fortigate OS 7.6.1!

Such a shame - I could have really used it.

 

Regards
Benjamin

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors