PierreV-MR
New Contributor

Multiple interfaces in local-in-policy

Hello,

I'm trying to restrict access to my FortiGate on WAN ports using the local-in-policy feature. I have two WAN interfaces and the policies are like this:

  1. Granting access to my trusted hosts on WAN1
  2. Implicit deny on WAN1
  3. Granting access to my trusted hosts on WAN2
  4. Implicit deny on WAN2

My problem is that the policy number 2 does not work and the traffic on WAN1 is not limited. Does anyone have any suggestions?

funkylicious
SuperUser

Can you post the local-in policies and what you've tested that didn't work?

"jack of all trades, master of none"
PierreV-MR
New Contributor

[Screenshot of the local-in policy list: Screenshot 2023-03-24 092316.png]

Policy 1: works

Policy 2: does not work

Policy 3: works

Policy 4: works


I tested with pings from both Italian and French IPs. For policy 4 I also tested with debug flow, which correctly discards the traffic.

funkylicious

Is the traffic coming in through wan1 or ha1?

Because if it's through ha1 with destination FW-privIP-2, it might not work.

"jack of all trades, master of none"
PierreV-MR

The traffic comes through both interfaces (HA1 is main, WAN1 is backup). HA1 has its public IP (FW-privIP-1) and WAN1 has its private IP in a DMZ with the ISP's CPE (FW-privIP-2).
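As an added illustration (not the poster's configuration, which is only visible in the screenshot), this is what the four local-in policies from the first post look like in the FortiOS CLI, with the ingress-interface point raised in the replies noted in comments. Interface names, address objects, sample IPs and services are assumptions.

```text
# Constructed example, not the thread's own config. Local-in policies are
# evaluated top-down and the first match wins, so each interface's explicit
# deny must sit directly after the accept for the same interface.
config firewall address
    edit "trusted-hosts-wan1"
        set subnet 203.0.113.10 255.255.255.255    # placeholder trusted host
    next
    edit "trusted-hosts-wan2"
        set subnet 198.51.100.20 255.255.255.255   # placeholder trusted host
    next
end
config firewall local-in-policy
    edit 1
        set intf "wan1"                  # matches only packets that INGRESS on wan1
        set srcaddr "trusted-hosts-wan1"
        set dstaddr "all"
        set action accept
        set service "HTTPS" "SSH"
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny                  # explicit deny for everything else on wan1
        set service "ALL"
    next
    edit 3
        set intf "wan2"
        set srcaddr "trusted-hosts-wan2"
        set dstaddr "all"
        set action accept
        set service "HTTPS" "SSH"
    next
    edit 4
        set intf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "ALL"
    next
end
# Caveat from the replies: "intf" is the interface the packet arrives on, not
# the interface that owns the destination IP. A packet entering on ha1 aimed
# at wan1's address is never seen by policies 1-2; ha1 needs its own pair.
# To see which policy a test packet hits (stop afterwards with
# "diagnose debug flow trace stop" and "diagnose debug disable"):
diagnose debug flow filter addr 203.0.113.10
diagnose debug flow trace start 10
diagnose debug enable
```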
