Hello!
So we have recently gained a new client who is trying to install a Infotronics GT-400 hand punch time clock. They had a Fortigate E60 that was installed by a previous IT provider and we are new to this product. The payroll servicer is Paycor and they provided a list of IP ranges that need allow outbound/inbound traffic for HTTP (80), HTTPS (443) and SMTP (25).
Inside the Fortigate GUI, we went to Addresses and created an entry for each range and then created an address group containing each of the individual range entries. We then went to the IPv4 Policy section and created a new policy by listing the WAN connection as the Incoming Interface, the internal LAN as the Outgoing Interface, our address group as the Source and the reserved time clock IP as the Destination. We set schedule as Always and chose HTTP, HTTPS and SMTP as the Services. We left the action as ACCEPT. IP Pool Configuration was set to Use Outgoing Interface Address with default Proxy Options. The policy was enabled at this time.
My question is simply ... did we do this correctly and should it allow traffic across the address group as we intended?
Any help or insights would be welcomed as it seems the time clock is stuck on "please wait" when trying to communicate.
Hi James,
While I could be wrong, I'd be willing to bet your next paycheck (lol) that your rule is backwards of what it needs to be (if not, NAT needs to be turned off). A few salient points:
[ol]
Hope that helps! - Daniel
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.