Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
PierreV-MR
New Contributor

Multiple interfaces in local-in-policy

Hello,

I'm tryin' to restrict access to my FortiGate on WAN ports using the local-in-policy feature. I have two WAN interfaces and the policies are like this:

  1. Granting access to my trusted hosts on WAN1
  2. Implicit deny on WAN1
  3. Granting access to my trusted hosts on WAN2
  4. Implicit deny on WAN2

My problem is that the policy number 2 does not work and the traffic on WAN1 is not limited. Does anyone have any suggestions?

4 REPLIES 4
funkylicious
Contributor III

Can you post the local-in policies and what u've tested that didn't worked ?

geek
geek
PierreV-MR
New Contributor

Screenshot 2023-03-24 092316.png

 

Policy 1: works

Policy 2: does not work

Policy 3: works

Policy 4: works

 

I tested with pings from both Italian and French IPs. For the policy 4 I also tested with debug flow which correctly discards traffic

funkylicious

Is the traffic coming in through wan1 or ha1 ?

Cuz if it's through ha1 w/ destination FW-privIP-2 it might not work.

geek
geek
PierreV-MR

The traffic comes trough both interfaces (HA1 is main, WAN1 is backup). HA1 has its public IP (FW-privIP-1) and WAN1 has its private IP in DMZ with the ISP's CPE (FW-privIP-2)

Labels
Top Kudoed Authors