- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Internet block but not all
Hello everyone, I have a problem with internet blocking on production computers. If I disable Internet access for this network, I have a problem with windows / linux updates and additionally after entering my server in the local network, my site after https is dangerous because the computer cannot connect to verify the certificate. Any ideas?
Solved! Go to Solution.
- Labels:
-
FortiGate
Created on ‎07-21-2022 05:07 AM Edited on ‎07-21-2022 05:12 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi t_krawaczynski,
You need to create a new IPv4 policy to allow certain types of traffic like windows and linux update to your network. Then, you have to move that policy on the top of the existing policy which blocks the internet connection.
For the server, you might need to import the server's SSL certificate into the fortigate:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-SSL-certificate-as-a-local/t...
Regards,
Lars Bollas
Lars Bollas
NSE4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I just want to confirm, you want to block internet access in your network, but you still want the updates to come through for windows and linux?
Lars Bollas
NSE4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, and my local server has an SSL certificate to connect to https. The production computer must also have access to the certification organization
Created on ‎07-21-2022 05:07 AM Edited on ‎07-21-2022 05:12 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi t_krawaczynski,
You need to create a new IPv4 policy to allow certain types of traffic like windows and linux update to your network. Then, you have to move that policy on the top of the existing policy which blocks the internet connection.
For the server, you might need to import the server's SSL certificate into the fortigate:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-SSL-certificate-as-a-local/t...
Regards,
Lars Bollas
Lars Bollas
NSE4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very much, I already know how to do it
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to add a new internet service? I only found windows update and I am forced to add a few websites.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
t_krawaczynski,
It should be in the GUI:
Policy&objects>Internet Service Database> Create New
KB:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-internet-service-database-ba...
Lars Bollas
NSE4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't have the "Create New" window, I can only see edit / delete
