Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
t_krawaczynski
New Contributor II

Created on ‎07-21-2022 02:26 AM

Internet block but not all

Hello everyone, I have a problem with internet blocking on production computers. If I disable Internet access for this network, I have a problem with windows / linux updates and additionally after entering my server in the local network, my site after https is dangerous because the computer cannot connect to verify the certificate. Any ideas?

Labels:
5741
0 Kudos
1 Solution
larsbollas
Staff
Staff
In response to t_krawaczynski

Created on ‎07-21-2022 05:07 AM Edited on ‎07-21-2022 05:12 AM

Hi t_krawaczynski,

You need to create a new IPv4 policy to allow certain types of traffic like windows and linux update to your network. Then, you have to move that policy on the top of the existing policy which blocks the internet connection.

For the server, you might need to import the server's SSL certificate into the fortigate:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-SSL-certificate-as-a-local/t...

Regards,
Lars Bollas
 

Regards.
Lars Bollas
NSE4

View solution in original post

5717
0 Kudos
7 REPLIES 7
larsbollas
Staff
Staff

Created on ‎07-21-2022 03:06 AM

Hi,

I just want to confirm, you want to block internet access in your network, but you still want the updates to come through for windows and linux?

Regards.
Lars Bollas
NSE4
5733
0 Kudos
t_krawaczynski
New Contributor II

Created on ‎07-21-2022 03:53 AM

Yes, and my local server has an SSL certificate to connect to https. The production computer must also have access to the certification organization

5724
0 Kudos
larsbollas
Staff
Staff
In response to t_krawaczynski

Created on ‎07-21-2022 05:07 AM Edited on ‎07-21-2022 05:12 AM

Hi t_krawaczynski,

You need to create a new IPv4 policy to allow certain types of traffic like windows and linux update to your network. Then, you have to move that policy on the top of the existing policy which blocks the internet connection.

For the server, you might need to import the server's SSL certificate into the fortigate:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-SSL-certificate-as-a-local/t...

Regards,
Lars Bollas
 

Regards.
Lars Bollas
NSE4
5718
0 Kudos
t_krawaczynski
New Contributor II
In response to larsbollas

Created on ‎07-21-2022 05:53 AM

Thank you very much, I already know how to do it

 

5715
0 Kudos
t_krawaczynski
New Contributor II
In response to larsbollas

Created on ‎07-21-2022 05:57 AM

How to add a new internet service? I only found windows update and I am forced to add a few websites.

5714
0 Kudos
larsbollas
Staff
Staff
In response to t_krawaczynski

Created on ‎07-21-2022 06:30 AM

t_krawaczynski,

It should be in the GUI:
Policy&objects>Internet Service Database> Create New

KB:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-internet-service-database-ba...

Regards.
Lars Bollas
NSE4
5706
0 Kudos
t_krawaczynski
New Contributor II
In response to larsbollas

Created on ‎07-21-2022 10:39 PM

I don't have the "Create New" window, I can only see edit / delete

 

5701
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.