Hey guys,

I have a question that I haven't been able to solve yet and I need help on how to do it.
I need the linux servers, be they debian or cent os... in fact, regardless of the system, only their proper repositories are allowed on the firewall.
For example: a debian server needs to install the NTP service and I want to release for a period only the apt-get repositories so that the analyst can run this, the rest to leave locked. Currently to perform any system update on linux or installation of new packages I need to release all targets on port 80 and 443.
Is there a way to restrict this access from linux machines on the firewall?
I tried to look for something like IP Ranges used by each distribution or a service in FortiGate's Internet Services, but I haven't found a way that suits me the way I want.
Has anyone been through this or had this need?
I don't know if that would be the best way to act either.
FortiOS is at version 6.2.7.

Thank you all.