How to implement Stealth Rule equivalent
Hi,
I would like to implement a stealth rule in a FortiGate firewall without affecting VPN, HA services and others.
I have 2 administrators that I want to allow to have ICMP, SSH and HTTPS services to the firewall, and all others are denied.
How can I safely make a rule in local-in-policy without affecting other services such as VPN?
Thank you.
As you probably already know, the parameters you can specify in local-in-policy are:
- interface
- source address
- destination address
- service
- schedule
If the services are not unique for what those privileged users need to be able to do, you have to tweak other parameters like src/dest addresses. It's not so easy.
Instead, I would recommend separating them by VPN groups and setting different firewall policies. They need to log on to the VPN first, then they can have special privileges.
