Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fingand
New Contributor

Created on ‎08-20-2018 09:37 AM

IP/FQDN in a Service

Forgive my ignorance, but can someone explain the purpose of specifying an IP/FQDN in a FortiOS service?  If I create a service and specify the relevant ports (or port range) and also an IP/FQDN address will the service only apply if I’m accessing that particular IP/FQDN address.  If so, do I still need to specifically allow access to the destination IP address separately when I actually use the service in a policy?

 

4159
0 Kudos
1 REPLY 1
Toshi_Esumi
SuperUser
SuperUser

Created on ‎08-20-2018 12:44 PM

Your assumption is same as mine. The manual [http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/Config...] says

In the IP/FQDN field, an IP address or Fully Qualified Domain name can be entered if there is to be a specific destination for the service

I think it's meant to be narrow down the service to only specific devices/IPs, like TCP 5000 only on 192.168.1.129, and TCP 5001 on 192.168.1.130, ... while in the destination field of the policy you specify 192.168.1.128/29.

1957
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.