Hello everyone, I have a problem with internet blocking on production computers. If I disable Internet access for this network, I have a problem with windows / linux updates and additionally after entering my server in the local network, my site after https is dangerous because the computer cannot connect to verify the certificate. Any ideas?
Solved! Go to Solution.
Created on 07-21-2022 05:07 AM Edited on 07-21-2022 05:12 AM
Hi t_krawaczynski,
You need to create a new IPv4 policy to allow certain types of traffic like windows and linux update to your network. Then, you have to move that policy on the top of the existing policy which blocks the internet connection.
For the server, you might need to import the server's SSL certificate into the fortigate:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-SSL-certificate-as-a-local/t...
Regards,
Lars Bollas
Hi,
I just want to confirm, you want to block internet access in your network, but you still want the updates to come through for windows and linux?
Yes, and my local server has an SSL certificate to connect to https. The production computer must also have access to the certification organization
Created on 07-21-2022 05:07 AM Edited on 07-21-2022 05:12 AM
Hi t_krawaczynski,
You need to create a new IPv4 policy to allow certain types of traffic like windows and linux update to your network. Then, you have to move that policy on the top of the existing policy which blocks the internet connection.
For the server, you might need to import the server's SSL certificate into the fortigate:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-SSL-certificate-as-a-local/t...
Regards,
Lars Bollas
Thank you very much, I already know how to do it
How to add a new internet service? I only found windows update and I am forced to add a few websites.
t_krawaczynski,
It should be in the GUI:
Policy&objects>Internet Service Database> Create New
KB:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-internet-service-database-ba...
I don't have the "Create New" window, I can only see edit / delete
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.