Hi there,
I want to make certain hosts (based on IP) inaccessible from some IPs.
The purpose is that DHCP users can't access certain hosts on the same interface. The users can only use/connect to public hosts (such as a network printer).
I already tried to make:
- policy interface_1 to interface_1, from DHCP IP to IP of public hosts.
- policy interface_1 to interface_1, from DHCP IP to certain IP, blocked.
- policy route, from DHCP IP to certain IP, blocked.
All policies use subnet mask 255.255.255.0.
Those policies do not work.
I would be grateful for any advice. Thank you.
Typically hosts on the same subnet can communicate freely with each other because the traffic does not need to be routed, hence they will not traverse the firewall. Probably best to segment the traffic by either using different interfaces or configuring the firewall interface as a trunk on the switch and add VLAN interfaces to it. You could also create a zone for both VLANs effectively giving all devices on both VLANs the same policy and block intra zone traffic in the zone config.
hth
d
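The reply above can be checked offline before touching the firewall. This added example (not part of the original thread; all addresses and policy names are constructed) applies the same on-link test a host performs with its own netmask, and reports which policies describe traffic that is delivered directly on the segment and therefore never reaches the firewall.

```python
import ipaddress


def traverses_firewall(src, dst, netmask):
    """Return True if the source host sends the packet to its gateway.

    A host compares the destination with its own network (address plus
    netmask). On-link destinations are resolved with ARP and delivered
    directly by the switch, so the firewall never sees the packet.
    """
    local_net = ipaddress.ip_network(f"{src}/{netmask}", strict=False)
    return ipaddress.ip_address(dst) not in local_net


def audit_policies(policies, netmask):
    """Return the names of policies whose traffic stays on the local segment."""
    return [
        name
        for name, src, dst in policies
        if not traverses_firewall(src, dst, netmask)
    ]


# Constructed sample data: one DHCP client, a printer and a restricted host
# in the same /24, plus a host placed in a separate subnet for comparison.
NETMASK = "255.255.255.0"
POLICIES = [
    ("allow dhcp -> printer", "192.168.1.50", "192.168.1.10"),
    ("deny dhcp -> restricted host", "192.168.1.50", "192.168.1.20"),
    ("deny dhcp -> host in other subnet", "192.168.1.50", "192.168.2.20"),
]

if __name__ == "__main__":
    for name in audit_policies(POLICIES, NETMASK):
        print(f"never evaluated (same subnet, not routed): {name}")
```

Only the policy whose destination sits in a different subnet is ever evaluated, which is why the reply suggests separate interfaces or VLAN interfaces.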
Hi,
Thanks for the reply.
Currently, VLANs and using a different interface are not an option for us. Anyway, thanks for sharing.
Thank you