Hi I'm new to FortiOS 6.4.5 and I've been asked to block internet access from a group of pc's on our network.
Attached is the policy, the address group and the adress.
What am I missing here?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Did you place the deny policy at the top above the others with the same interface pair (src to dst)?
I would also say you need to change the service from "Web Access" to "ALL"
Did you place the deny policy at the top above the others with the same interface pair (src to dst)?
I would also say you need to change the service from "Web Access" to "ALL"
Thanks to both. Had to change to all and move it to the top. It's working perfectly.
Hi,
The 'ALL' service will block access to all ports.
Add a new policy copying the one attached, allowing the 'Email Access' service (which will contain all relevant email ports) or if you wanted to explicitly allow POP3/POP3S and SMTP/SMTPS you can select these services individually, remember you will also need DNS if you are selecting individual services.
Remove the 'ALL' service and change Action to 'Allow' instead of 'Deny'.
Ensure the new policy is above your blocking Internet access policy.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1721 | |
1098 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.