Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Internet Service Database Policy Placement

Hi All

I have a question where i should best place the ISDB Policy for traffic from internal to WAN.

There are 2 policies now


1st: Internal to wan with webservices HTTP & HTTPS allowed

2nd: ISDB Policy with different categories.


Where is the recommended Placement of the Policy?




As a general rule of thumb, it is recommended to have more specific/granular policies at the top and then the generic ones would follow. If the ISDB policy, in your case, is to block a certain category of websites, it should come before an allow rule for HTTP/HTTPS. 


In the end, the choice depends on whether you want to allow or deny a src/dst combination and keep the specific ones at the top. 


Feel free to ask additional questions with specific details if any. 





Hello Manoj


I created several access policies for servers with ports allowed.

for users there are 2 Internet access policies

1st is with websurfing category enabled

the other one has different ports allowed.


i would like to allow now diffferent isdb destinations. for ex. o365, apple services, atlassian and some more.


users who are allowed to access internet and also the isdb destinations are authenticated over the fortiagent on the DC for granting permissions to internet.


Just interesting for me where to place this policy. above or below the internet access policy


BR Bernhard


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors