Support Forum
tmoe
New Contributor

Outbound traffic block

How would you recommend blocking all outbound traffic from a single internal IP? The same IP has incoming services for FTP and another custom service already. I want this server to ONLY be able to communicate in or out over the 2 services I specify. Thanks in advance, Tmoe
FG200B - HA Cluster FWF60B (15) - Remote sites MPLS FWF80C (5) - Remote sites IPSEC FLG800 - FortiAnalyzer FMG400B - FortiManager FortiClient (250 seats) Remote users
emnoc
Esteemed Contributor III

Install a fwpolicy as a specific entry before any allow ANY/ALL, with a deny any for that ip_address & outbound.

PCNSE NSE StrongSwan
rwpatterson
Valued Contributor III

BEFORE the deny, you need to install an allow (outward) for the protocols you require, THEN the deny all (others) from that single IP. Just the deny will... deny!

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

tmoe
New Contributor

Perfect! I used 3 policies: 1 to allow the specific services in to the server, 1 to allow the specific services out of the server, and 1 to deny all traffic to the server. I put them in that order as well. Works like a champ! My LAN is port13, WAN is port14.
FG200B - HA Cluster FWF60B (15) - Remote sites MPLS FWF80C (5) - Remote sites IPSEC FLG800 - FortiAnalyzer FMG400B - FortiManager FortiClient (250 seats) Remote users
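The three-policy, allow-then-deny layout tmoe describes, written out as FortiOS CLI. This is an added example, not configuration posted in the thread: port13 (LAN) and port14 (WAN) come from the post, while the server address 192.0.2.10, the object names, the custom service's TCP port 5000 and the policy ids 101-103 are assumptions for illustration, and the general LAN-to-WAN allow-any is assumed to be policy id 1.

```fortios
config firewall address
    # assumed server address (placeholder)
    edit "srv-restricted"
        set subnet 192.0.2.10 255.255.255.255
    next
end
config firewall service custom
    # assumed port for the custom service (placeholder)
    edit "SVC-CUSTOM"
        set tcp-portrange 5000
    next
end
config firewall policy
    # 1) inbound: only FTP and the custom service may reach the server
    edit 101
        set srcintf "port14"
        set dstintf "port13"
        set srcaddr "all"
        set dstaddr "srv-restricted"
        set action accept
        set schedule "always"
        set service "FTP" "SVC-CUSTOM"
    next
    # 2) outbound: only the same two services may leave the server
    edit 102
        set srcintf "port13"
        set dstintf "port14"
        set srcaddr "srv-restricted"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "FTP" "SVC-CUSTOM"
    next
    # 3) anything else from the server is dropped and logged
    edit 103
        set srcintf "port13"
        set dstintf "port14"
        set srcaddr "srv-restricted"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    # Order is what makes this work: both allows ahead of the deny, and all
    # three ahead of the general LAN-to-WAN allow-any (assumed policy id 1)
    move 101 before 1
    move 102 before 1
    move 103 before 1
end
```

Check the resulting order with `show firewall policy`; a matching WAN-to-LAN deny for dstaddr "srv-restricted" is only needed if a broader inbound allow sits further down the list.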
emnoc
Esteemed Contributor III

Noted. Also, nailing it behind a VIP would have given you the same thing, with no local fwpolicies for that src and only the inbound VIP fwpolicies.

PCNSE NSE StrongSwan