NothingKai
New Contributor

How to block or allow one device from the WAN to the local network

Dear guys,

I have a case, please give ideas.

In the picture, I want to create a policy for:

In Chi nhanh 1 (Branch 1):

PC1 can access Server A and is denied to Server B

PC2 can access Server B and is denied to Server A

I tried creating a device with its MAC address and creating a policy, but it does not apply. Please help.

 

3 REPLIES
Nils
Contributor II

Hi,

You will not see the PCs' MAC addresses on the FortiGate. You'll only see the MAC address of the nearest router.

So in this case you need to create the policy based on the PCs' IP addresses.

Then you can achieve the scenario above.

andreadg88

Hi,

Routing happens at layer 3 of the OSI stack.

You need to know the IP of the source device to block it with a firewall rule.

Fortinet NSE4
ede_pfau
Esteemed Contributor III

I strongly assume that the PCs connect via VPN as anything else would be a security risk. In a VPN the source addresses are preserved. So you only have to create address objects for your PCs and policies allowing PC1 to server A, and a policy allowing PC2 to server B.

If you connect directly, with the servers attached to the internet,...stop, redesign. No advice to continue this.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
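The IP-based approach that Nils and Ede describe (address objects per PC, one accept policy per PC-to-server pair, everything else caught by the implicit deny) looks like the following on the FortiOS CLI. This is an added example written for this thread, not configuration from the original posters. The IP addresses are constructed sample values, and the interface names `to_branch1` (the VPN tunnel interface the branch PCs arrive on) and `internal` (the server LAN) are assumptions; substitute your own. Per-PC policies only work because the VPN preserves the branch PCs' source addresses; if the PCs reached the FortiGate through a NAT gateway, the FortiGate would only ever see the gateway's address and could not tell PC1 from PC2.

```text
# --- Address objects: one /32 host object per PC and per server (sample IPs) ---
config firewall address
    edit "PC1"
        set subnet 192.168.10.11 255.255.255.255
    next
    edit "PC2"
        set subnet 192.168.10.12 255.255.255.255
    next
    edit "ServerA"
        set subnet 10.0.0.10 255.255.255.255
    next
    edit "ServerB"
        set subnet 10.0.0.20 255.255.255.255
    next
end

# --- Policies: only the two allowed pairs get an accept rule ---
# "edit 0" lets the FortiGate assign the next free policy ID.
config firewall policy
    edit 0
        set name "PC1-to-ServerA"
        set srcintf "to_branch1"
        set dstintf "internal"
        set srcaddr "PC1"
        set dstaddr "ServerA"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "PC2-to-ServerB"
        set srcintf "to_branch1"
        set dstintf "internal"
        set srcaddr "PC2"
        set dstaddr "ServerB"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    # Optional: an explicit, logged deny for the two forbidden pairs so the
    # blocked attempts show up in the traffic log instead of silently hitting
    # the implicit deny at the bottom of the list.
    edit 0
        set name "Branch1-PCs-to-servers-deny"
        set srcintf "to_branch1"
        set dstintf "internal"
        set srcaddr "PC1" "PC2"
        set dstaddr "ServerA" "ServerB"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

# --- Check: watch PC1's traffic on the FortiGate while testing from PC1 ---
# Packets to 10.0.0.10 should pass; packets to 10.0.0.20 should stop at the
# FortiGate (hit the deny policy and appear in the forward traffic log).
diagnose sniffer packet any 'host 192.168.10.11' 4
```

Policy order matters: the FortiGate evaluates policies top down and uses the first match, so the two accept rules must sit above the deny rule (`config firewall policy` / `move <id> before <id>` reorders them). Restrict `set service "ALL"` to the actual server ports once the basic reachability is confirmed.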