Fortigate allow internet destination traficc only from http to any port.

Mod_Smilzo · ‎03-15-2018

Somebody knows the way to allow internet destination traffic in fortigate only from the HTTP type to any port. Regrats.

ericli_FTNT · ‎03-15-2018

Mod.Smilzo wrote:
Somebody knows the way to allow internet destination traffic in fortigate only from the HTTP type to any port. Regrats.

Hi there,

So, your question is how to filter HTTP1.x or HTTP2 traffic on the Fortigate? I'm not so sure about if I understand your question.

Mod_Smilzo · ‎03-15-2018

No what i want to do is allow all the outbound trafic only by http protocol . I mean if someone wants to use FTP protocol , should use over http no over FTP.

ericli_FTNT · ‎03-15-2018

So in this case, I think you should better list all unwanted services and create one blocking policy, and put this policy in the top of other allow policies.

ericli_FTNT · ‎03-15-2018

Mod.Smilzo wrote:
No what i want to do is allow all the outbound trafic only by http protocol . I mean if someone wants to use FTP protocol , should use over http no over FTP.

So in this case, I think you should better list all unwanted services and create one blocking policy, and put this policy on the top of other allow policies.

oheigl · ‎03-16-2018

I think he only wants to allow HTTP traffic, no matter what port is used, like NGFW mode.

rwpatterson · ‎03-15-2018

It appears that he wishes to filter outbound traffic.

Create a policy that allows only the HTTP protocol to destination 'all' and apply the NAT checkbox. The source interface will be where your PCs/servers reside (internal usually) and the destination is the WAN port (wan1 or wan2 usually). Larger models use the designation port where x could be from 1 to n, depending on model.

That is the simple answer if I understood your question.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Mod_Smilzo · ‎03-16-2018

@ericli_FTNT if i did that , is somebody wants to use the FTP protocolo over 21 port its not allowed , because it has to be FTP over HTTP thats what im loocking for. I NEED ALL THE SERVICES , BUT NEED ALL OVER HTTP.

Regrats

Mod_Smilzo · ‎03-16-2018

@rwpatterson , yes dude thats exactly what im looking for , filter outbound traffic but by service or protocol.

So its like if someone wants to use FTP protocolo , should use over HTTP.

Mod_Smilzo · ‎03-16-2018

@OHIGL dude i miss underestand , thats exactly what i want to do , HTTP OUTBOUND TRAFIC to anyport , i miss underestood my boos whit the protocols ... !! Only need , allow http trafic to anyport , becouse when im on a streaming with someone , they use over http a few ports random and i have problems , becouse a have to allow manualy etc. So if i have allowed all the ports over http i will not have that problem anymore.

Fortigate allow internet destination traficc only from http to any port.

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website