Hello,
I'm trying to restrict access to my FortiGate on WAN ports using the local-in-policy feature. I have two WAN interfaces and the policies are like this:
My problem is that the policy number 2 does not work and the traffic on WAN1 is not limited. Does anyone have any suggestions?
Can you post the local-in policies and what you've tested that didn't work?
Policy 1: works
Policy 2: does not work
Policy 3: works
Policy 4: works
I tested with pings from both Italian and French IPs. For policy 4, I also tested with debug flow, which correctly discards traffic.
Is the traffic coming in through wan1 or ha1?
Because if it's through ha1 with destination FW-privIP-2, it might not work.
The traffic comes through both interfaces (HA1 is main, WAN1 is backup). HA1 has its public IP (FW-privIP-1) and WAN1 has its private IP in DMZ with the ISP's CPE (FW-privIP-2).