Please help me configure a policy for one connection. An FG-60E (firmware v7.2.10) works in transparent mode between an optical modem (also in transparent mode) and the main router for the LAN. The external IP address is on the router, not on the modem. When the Inspection Mode is Proxy-based (Firewall Policy), one of the devices in the LAN cannot communicate with the server to which it sends measurement data (blitzortung.org). The policy in Flow-based mode does not block the connection; it blocks only in Proxy-based mode. Is it possible to set a Flow-based policy for a selected remote server? Or add some exclusion to the current policy? I know the addresses of the servers to which the data is sent.
You can create a dedicated policy specific for only this host to server traffic and position it above the existing policy.
Yes, but how to do it? I have no experience with FG.
It should be simple from the GUI: in Firewall Policy, copy the existing policy and paste 'Above'. Set a new policy name, select the Source and create an Address for the device in question, and do the same in Destination for the server. Change the inspection to 'Flow-based' and enable the policy (toggle at the bottom).
It worked.
I created a new policy; I had to enter the server addresses only in Destination.
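The GUI steps above, expressed in the FortiOS CLI as an added example (not from the original thread). Object names, IP addresses, interface names and policy IDs are assumptions to be replaced with your own; the point is that the flow-based exception is scoped to one LAN host and the known server addresses, is moved above the proxy-based policy, and keeps logging on so the traffic that bypasses proxy inspection stays visible.

```text
# Added example, not from the thread. All values below are assumptions.
config firewall address
    edit "lightning-sensor"
        # constructed address of the LAN host that sends the measurement data
        set subnet 192.0.2.10 255.255.255.255
    next
    edit "blitzortung-srv-1"
        # constructed placeholder; use the real server addresses you know
        set subnet 203.0.113.5 255.255.255.255
    next
    edit "blitzortung-srv-2"
        set subnet 203.0.113.6 255.255.255.255
    next
end

config firewall addrgrp
    edit "blitzortung-servers"
        set member "blitzortung-srv-1" "blitzortung-srv-2"
    next
end

config firewall policy
    # 'edit 0' allocates the next free policy ID; note the ID the CLI prints
    edit 0
        set name "blitzortung-flow"
        # assumed LAN-facing and modem-facing ports of the transparent VDOM
        set srcintf "internal"
        set dstintf "wan1"
        # narrow the exception to the one host; the poster used "all" here
        set srcaddr "lightning-sensor"
        set dstaddr "blitzortung-servers"
        set action accept
        set schedule "always"
        set service "ALL"
        # flow-based only for this host/server pair
        set inspection-mode flow
        # log everything that skips proxy inspection
        set logtraffic all
        set status enable
    next
    # place the new policy (assumed ID 2) above the existing proxy-based one (assumed ID 1)
    move 2 before 1
end
```

After committing, confirm the order with `show firewall policy` and check that the existing proxy-based policy still follows the exception.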
Copyright 2025 Fortinet, Inc. All Rights Reserved.