Hey, guys,

I have a question that I still can't resolve and I need help to resolve it. I need linux servers, regardless of operating system, only their proper repositories are allowed on the firewall. For example: a debian server needs to install the NTP service and I want to release for a period only the apt-get repositories so that the analyst can run this, the rest should be blocked. Currently, to perform any system update on linux or install new packages, I need to release all targets on ports 80 and 443. Is there a way to restrict this access from Linux machines on the firewall? I tried to look for something like IP Ranges used by each distribution or service in FortiGate Internet Services, but I couldn't find a simple way to do this. Has anyone been through this or had this need? I don't know if that would be the best way to act either. FortiOS is at version 6.2.7. Thank you all.