Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
J_McGe
New Contributor

Created on ‎03-13-2025 07:20 AM

Policy creation to allow 2 options, log all other attempts

I have a Fortigate F100 with rules in place for the management address of my company's UPS. One policy allows SMTP traffic from that address to our mil server. The other allows DNS traffic from that address, nothing else. I'd like to log any other traffic from the address in question that doesn't match either of these two rules; what's the simplest way to configure such a policy? Just clone the 'UPS Management Address to DNS' rule, set it to DENY instead of ACCEPT, choose every service other than DNS, and hit the log option?

157
0 Kudos
1 Solution
AEK
SuperUser
SuperUser

Created on ‎03-13-2025 12:03 PM

Create a rule under those two rules, set the client IP as source, service = ALL, and action = Deny.

AEK

View solution in original post

AEK
133
0 Kudos
1 REPLY 1
AEK
SuperUser
SuperUser

Created on ‎03-13-2025 12:03 PM

Create a rule under those two rules, set the client IP as source, service = ALL, and action = Deny.

AEK
AEK
134
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.