Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BeerAdmin
New Contributor

Limit external access to a Central NAT IP.

So here's the scenario I find myself in that I want to find a solution to.

 

RDS Gateway inside the network, with a NAT'd IP on the external interface, via central NAT.

 

I'd like to drop all traffic that attempts to connect to the RDS gateway external IP, except for a specific list of IP addresses.

 

Is this possible, and if so, how do I craft a policy(s), that would allow this?

 

My first thought is to create an address group of allowed IPs, add in address objects as the IPs for the allowed sources, then create one policy that blocks all traffic, and then create a higher policy that allows traffic from the address group.

 

I'm just not sure how I would configure the incoming/outgoing interfaces in the policy, since I'm trying to limit traffic to the external interface NAT address.

1 REPLY 1
dbu
Staff
Staff

Hi @BeerAdmin ,
I think you need an basic allow policy from WAN to LAN port where 'RDS Gateway ' connects.
In this policy you will add that "specific list of IP addresses" which will be allowed to access the server.  These can be address objects you will create.  

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
Top Kudoed Authors