Dear Guys,
I have a case, please give ideas.
In the picture, I want to create a policy for:
In Chi nhanh 1 (Branch 1):
PC1 access to Server A, deny to Server B
PC2 access to Server B, deny to Server A
I tried creating a device with its MAC and creating a policy, but it does not apply. Please help.
Hi,
You will not see the PCs' MAC addresses on the FortiGate. You'll only see the MAC address of the nearest router.
So in this case you need to create the policy based on the PCs' IP addresses.
Then you can achieve the scenario above.
Hi,
The routing happens at level 3 of the OSI stack.
You need to know the IP of the source device to block it with a firewall rule.
Fortinet NSE4
I strongly assume that the PCs connect via VPN as anything else would be a security risk. In a VPN the source addresses are preserved. So you only have to create address objects for your PCs and policies allowing PC1 to server A, and a policy allowing PC2 to server B.
If you connect directly, with the servers attached to the internet... stop, redesign. No advice to continue this.
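
The IP-based approach the replies describe, as an added FortiOS CLI example that is not part of any post in this thread: address objects for the two PCs and the two servers, one allow policy per permitted pair, and an explicit logged deny for everything else arriving from the branch. All IP addresses, object names and the interface names `to-branch1` and `servers` are constructed assumptions.

```fortios
config firewall address
    edit "CN1-PC1"
        set comment "Constructed example IP, replace with the real PC1 address"
        set subnet 10.10.1.11 255.255.255.255
    next
    edit "CN1-PC2"
        set subnet 10.10.1.12 255.255.255.255
    next
    edit "Server-A"
        set subnet 10.20.0.10 255.255.255.255
    next
    edit "Server-B"
        set subnet 10.20.0.20 255.255.255.255
    next
end
config firewall policy
    edit 0
        set name "PC1-to-ServerA"
        set srcintf "to-branch1"
        set dstintf "servers"
        set srcaddr "CN1-PC1"
        set dstaddr "Server-A"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "PC2-to-ServerB"
        set srcintf "to-branch1"
        set dstintf "servers"
        set srcaddr "CN1-PC2"
        set dstaddr "Server-B"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "Branch1-deny-rest"
        set comments "Example: interface names are assumptions; logs blocked attempts"
        set srcintf "to-branch1"
        set dstintf "servers"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Policies are matched top-down, so the deny policy has to stay below the two allow policies; it makes PC1 to Server B and PC2 to Server A attempts visible in the traffic log.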